Youyou-Pm10

**Name of the Vulnerable Software and Affected Versions** codefever versions prior to 2023.2.7-commit-b1c2e7f **Description** A remote code execution issue was found in the component /controllers/api/user.php, allowing for potential exploitation. **Recommendations** For versions prior to 2023.2.7-commit-b1c2e7f, update to version 2023.2.7-commit-b1c2e7f or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** typecho version 1.1/17.10.30 **Description** The issue is a remote code execution (RCE) vulnerability. It can be exploited via the install.php file. **Recommendations** For typecho version 1.1/17.10.30, consider restricting access to the install.php file as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Tramyardg hotel-mgmt-system version 2022.4 **Description** The issue concerns SQL Injection, which can be exploited via the /app/dao/CustomerDAO.php endpoint. This allows for potential unauthorized access or manipulation of data. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Tramyardg hotel-mgmt-system version 2022.4, consider restricting access to the /app/dao/CustomerDAO.php endpoint until a patch is available. Additionally, review and modify the code to properly sanitize and validate user input to prevent SQL Injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tramyardg hotel-mgmt-system version 2022.4 **Description** The issue concerns a Cross Site Scripting (XSS) vulnerability. It can be exploited via the `process update profile.php` file. **Recommendations** For Tramyardg hotel-mgmt-system version 2022.4, consider restricting access to the `process update profile.php` file until a patch is available.