Yaoyao6688

**Name of the Vulnerable Software and Affected Versions** Gila GilaCMS version 1.11.4 **Description** The issue allows a remote attacker to execute arbitrary code via the `cm/update rows/user` parameter. This is a Cross Site Request Forgery vulnerability. **Recommendations** For Gila GilaCMS version 1.11.4, consider disabling access to the `cm/update rows/user` parameter until a patch is available. Restricting the use of this parameter can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Monstra CMS version 3.0.4 Description: An issue in Monstra CMS allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files. Recommendations: For Monstra CMS version 3.0.4, update to a version that fixes the file extension filter bypass issue to prevent arbitrary web script or HTML execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: GilaCMS version 1.11.4 Description: The issue is related to a SQL injection vulnerability. It occurs via the `$ GET` parameter in the `/src/core/controllers/cm.php` file. This allows for potential exploitation. Recommendations: For GilaCMS version 1.11.4, consider restricting access to the `/src/core/controllers/cm.php` file until a patch is available. As a temporary workaround, avoid using the `$ GET` parameter in this file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: GilaCMS version 1.11.4 Description: A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file. This can lead to the execution of malicious code on the victim's browser. Recommendations: For GilaCMS version 1.11.4, consider disabling the ability to upload SVG files until a patch is available to prevent exploitation of this issue. Restrict access to areas where file uploads are possible to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: GilaCMS version 1.11.4 Description: A cross-site scripting (XSS) issue in the /admin/content/post endpoint of GilaCMS allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the `Tags` field. Recommendations: For GilaCMS version 1.11.4, consider disabling the `Tags` field in the /admin/content/post endpoint until a patch is available to prevent exploitation. Restrict access to the /admin/content/post endpoint to minimize the risk of arbitrary web script execution. Avoid using the `Tags` field in the affected endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: GilaCMS version 1.11.4 Description: A Cross-Site Request Forgery (CSRF) issue allows authenticated attackers to arbitrarily add administrator accounts. Recommendations: For GilaCMS version 1.11.4, update to a version that includes a fix for this issue to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** LayerBB versions 1.1.1 through 1.1.3 **Description** The issue is related to SQL Injection via the "search.php" API endpoint, specifically through the `search query` parameter. This allows for potential exploitation. **Recommendations** For versions 1.1.1 and 1.1.3, avoid using the `search query` parameter in the "search.php" endpoint until a fix is available. As a temporary workaround, consider restricting access to the "search.php" endpoint to minimize the risk of exploitation.