Wyl321

**Name of the Vulnerable Software and Affected Versions** idcCMS version 1.35 **Description** A problematic issue was found in idcCMS, affecting an unknown functionality of the file "/admin/admin cl.php?mudi=revPwd". This issue leads to cross-site request forgery and can be launched remotely. **Recommendations** For idcCMS version 1.35, as a temporary workaround, consider restricting access to the "/admin/admin cl.php" endpoint until a patch is available. Avoid using the `mudi` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** heyewei JFinalCMS version 5.0.0 **Description** A critical issue has been found in the Custom Data Page component, specifically affecting an unknown functionality of the file "/admin/div data/delete?divId=9". This issue leads to sql injection and can be exploited remotely. The exploit has been disclosed to the public. **Recommendations** For version 5.0.0, consider disabling access to the "/admin/div data/delete?divId=9" endpoint until a patch is available. Restricting the use of the Custom Data Page component may also help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.