Xiaoliangli1128

**Name of the Vulnerable Software and Affected Versions** CRMEB versions 1.3.4 and earlier **Description** The issue is related to SQL Injection, which can be exploited via the "/api/admin/user/list" API endpoint. **Recommendations** For CRMEB versions 1.3.4 and earlier, as a temporary workaround, consider restricting access to the "/api/admin/user/list" API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** pear-admin-think versions <=5.0.6 **Description** A Cross Site Scripting (XSS) issue exists, allowing a login account to access arbitrary functions and cause stored XSS through a fake User-Agent. **Recommendations** For versions <=5.0.6, update to a version greater than 5.0.6 to resolve the issue. As a temporary workaround, consider restricting access to the login functionality to minimize the risk of exploitation.