Xuepengz

**Name of the Vulnerable Software and Affected Versions** itsourcecode Content Management System version 1.0 **Description** A critical issue has been discovered, affecting a part of the /admin/add topic.php?category=BBS file. The manipulation of the `Cover Image` argument leads to unrestricted upload. This issue can be exploited remotely. The exploit has been publicly disclosed and may be used. **Recommendations** For itsourcecode Content Management System version 1.0, consider restricting access to the /admin/add topic.php?category=BBS endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the `Cover Image` argument in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Content Management System version 1.0 **Description** A critical issue was discovered in the itsourcecode Content Management System, affecting the /admin/update main topic img.php file. The manipulation of the `topic id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For itsourcecode Content Management System version 1.0, consider disabling the /admin/update main topic img.php file until a patch is available to prevent SQL injection attacks. Restrict access to the `topic id` argument in the affected API endpoint to minimize the risk of exploitation.