Yuhuanyu

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Curfew e-Pass Management System version 1.0 **Description** A critical issue affects the processing of the file /admin/edit-pass-detail.php. The manipulation of the `editid` argument leads to SQL injection. The attack may be initiated remotely. **Recommendations** For PHPGurukul Curfew e-Pass Management System version 1.0, as a temporary workaround, consider restricting access to the /admin/edit-pass-detail.php file until a patch is available. Avoid using the `editid` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: JFinalCMS versions up to 1.0 Description: A critical issue affects the `delete` function of the file `/admin/template/edit`. The manipulation of the `name` argument leads to path traversal, allowing an attacker to delete arbitrary files. This issue can be initiated remotely. Recommendations: For JFinalCMS versions up to 1.0, patch immediately to prevent exploitation. Additionally, review logs for signs of exploit. As a temporary workaround, consider restricting access to the `/admin/template/edit` endpoint or disabling the `delete` function until a patch is available.