X00Ero

**Name of the Vulnerable Software and Affected Versions** San Luan PublicCMS version 4.0 **Description** A SQL Injection issue allows a remote attacker to execute arbitrary code via the `sql` parameter. This enables the attacker to potentially access or modify sensitive data. **Recommendations** For San Luan PublicCMS version 4.0, consider restricting access to the `sql` parameter in the affected API endpoint until a patch is available. As a temporary workaround, avoid using the `sql` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PublicCMS version 4.0 **Description** A SQL Injection issue allows a remote attacker to execute arbitrary code via the `sql` parameter of the SysSiteAdminControl. **Recommendations** For PublicCMS version 4.0, update to a version that includes a fix for this issue, as using the `sql` parameter in the SysSiteAdminControl can lead to arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.