Xrun

**Name of the Vulnerable Software and Affected Versions** Loggrove version 1.0 **Description** The issue concerns SQL Injection in the read.py file. **Recommendations** For version 1.0, consider restricting access to the read.py file until a patch is available. As a temporary workaround, review and modify the SQL queries in the read.py file to prevent injection attacks.

**Name of the Vulnerable Software and Affected Versions** Loggrove version 1.0 **Description** A Remote Code Execution (RCE) issue allows a remote attacker to execute arbitrary code via the `path` parameter. **Recommendations** For Loggrove version 1.0, avoid using the `path` parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Loggrove version 1.0 **Description** The issue allows a remote attacker to obtain sensitive information. It is related to the read.py component, which is part of Loggrove. No information is available about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For Loggrove version 1.0, consider restricting access to the read.py component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** tpcms version 3.2 **Description** A Cross Site Scripting (XSS) issue allows remote attackers to run arbitrary code via the `cfg copyright` or `cfg tel` field in the Site Configuration page. This enables attackers to execute malicious scripts on the website. **Recommendations** For tpcms version 3.2, as a temporary workaround, consider restricting access to the Site Configuration page until a patch is available. Avoid using the `cfg copyright` and `cfg tel` fields in the Site Configuration page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** tpcms version 3.2 **Description** An issue with access control in the application allows remote attackers to view sensitive information by manipulating the path in the application URL. **Recommendations** For tpcms version 3.2, consider restricting access to sensitive information until a proper fix is applied, by limiting the paths that can be accessed via the application URL. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** TPCMS version 3.2 **Description** A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Phone` text box. **Recommendations** For TPCMS version 3.2, consider disabling the `Phone` text box functionality until a patch is available to prevent exploitation. Restrict access to this feature to minimize the risk of arbitrary script execution. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** TPCMS version 3.2 **Description** The issue allows attackers to access the ThinkPHP log directory, potentially obtaining sensitive information such as the administrator's user name and password. **Recommendations** For TPCMS version 3.2, restrict access to the ThinkPHP log directory to minimize the risk of exploitation. Consider implementing additional security measures to protect sensitive information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.