Vlynx

**Name of the Vulnerable Software and Affected Versions** Kreado Kreasfero version 1.5 **Description** The issue arises from improper sanitization of uploaded files to the media directory, allowing an attacker to upload a malicious PHP file and achieve remote code execution. **Recommendations** For version 1.5, consider implementing proper file upload validation and sanitization to prevent the upload of malicious files, or restrict access to the media directory until a fix is available. As a temporary workaround, consider disabling file uploads to the media directory until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Kreado Kreasfero version 1.5 **Description** An SQL Injection issue exists via the `id` parameter. **Recommendations** For version 1.5, avoid using the `id` parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.