Tikit · Tikit · CVE-2023-49031
**Name of the Vulnerable Software and Affected Versions**
Tikit (now Advanced) eMarketing platform version 6.8.3.0
**Description**
A Directory Traversal (Local File Inclusion) issue allows a remote attacker to read arbitrary files and obtain sensitive information. The attacker sends a crafted payload to the `OpenLogFile` endpoint, specifically in the `filename` parameter.
**Recommendations**
For version 6.8.3.0, as a temporary workaround, consider restricting access to the `OpenLogFile` endpoint until a patch is available. Avoid using the `filename` parameter in the affected endpoint until the issue is resolved.
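While the endpoint is being restricted, web server logs can be reviewed for requests that abused the `filename` parameter. The following is an added example, not code from the vendor or the advisory: it flags `OpenLogFile` requests whose `filename` value, after repeated URL-decoding, contains a `..` path segment, an absolute path, or a NUL byte. The combined log format, the `/app/` URL prefix, the sample file names, and case-insensitive matching of the endpoint and parameter names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (combined log format). The "/app/"
# prefix and all file names are placeholders, not taken from the product.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /app/OpenLogFile?filename=send.log HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /app/OpenLogFile?filename=..%2f..%2fplaceholder.txt HTTP/1.1" 200 2048',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /app/OpenLogFile?filename=%252e%252e%255cplaceholder.txt HTTP/1.1" 200 2048',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /app/Other?filename=..%2fx HTTP/1.1" 404 0',
    '203.0.113.8 - - [01/Jan/2024:10:00:11 +0000] "GET /app/openlogfile?FileName=C:%5Cplaceholder.txt HTTP/1.1" 200 100',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Drive-letter or leading-separator paths escape any intended log directory.
ABSOLUTE_RE = re.compile(r'^(?:[A-Za-z]:|[\\/])')

def fully_decode(value, max_rounds=5):
    """Undo nested percent-encoding (e.g. %252e -> %2e -> '.')."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(filename):
    name = fully_decode(filename)
    parts = re.split(r'[\\/]', name)  # treat both separator styles alike
    return '..' in parts or bool(ABSOLUTE_RE.match(name)) or '\x00' in name

def flag_requests(lines):
    """Return (client_ip, decoded_filename) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        # Assumption: endpoint and parameter names match case-insensitively.
        if not url.path.lower().endswith('/openlogfile'):
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() == 'filename' and is_suspicious(value):
                hits.append((line.split()[0], fully_decode(value)))
    return hits
```

Access logs normally record only the query string, so a `filename` value sent in a POST body would need request-body logging or WAF logs to be visible.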