Xiaosguang

**Name of the Vulnerable Software and Affected Versions** dingfanzuCMS version 1.0 **Description** The issue allows a local attacker to execute arbitrary code due to incorrect filtering of content at the `checkOrder.php` shopId module. This enables the attacker to perform SQL injection attacks. **Recommendations** For dingfanzuCMS version 1.0, as a temporary workaround, consider disabling the `checkOrder.php` module until a patch is available. Restrict access to the shopId module to minimize the risk of exploitation. Avoid using the shopId parameter in the affected `checkOrder.php` endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Home Clean Services Management System version 1.0 **Description** A critical issue has been found in the system, affecting an unknown functionality of the file /public html/admin/process.php. The manipulation of the `type/length/business` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For SourceCodester Home Clean Services Management System version 1.0, consider restricting access to the /public html/admin/process.php file until a patch is available. As a temporary workaround, avoid using the `type/length/business` argument in the affected file to minimize the risk of exploitation.