Z0Ng

**Name of the Vulnerable Software and Affected Versions** likeadmin-likeshop likeadmin php versions prior to 1.9.7 **Description** A remote SQL injection exists in the dataTable Admin API component. The issue is located in the `queryResult()` function within the `serverappadminapiliststoolsDataTableLists.php` file, allowing for remote manipulation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `queryResult()` function in the `serverappadminapiliststoolsDataTableLists.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Lot Reservation System versions prior to 1.1 **Description** A remote SQL injection can occur due to the manipulation of the `email` and `password` arguments within an unknown function of the '/loginuser.php' file. SQL injection is a type of flaw that allows an attacker to interfere with the queries that an application makes to its database. **Recommendations** As a temporary workaround, restrict access to the '/loginuser.php' file or avoid using the `email` and `password` parameters until a fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Lot Reservation System versions prior to 1.1 **Description** Path traversal allows remote attackers to access files via the '/download.php' endpoint. This occurs through the manipulation of the `File` argument processed by the `readfile()` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Lot Reservation System version 1.0 **Description** An unrestricted upload issue exists in the file '/activity.php'. Remote attackers can exploit this by manipulating the `directory` argument, allowing the upload of arbitrary files. **Recommendations** As a temporary workaround, restrict access to the '/activity.php' file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Lot Reservation System version 1.0 **Description** An unrestricted file upload issue exists in the `/edithousepic.php` file. Remote attackers can exploit this by manipulating the `image` argument, allowing the upload of unauthorized files. **Recommendations** Restrict access to the `/edithousepic.php` file or the `image` argument until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EyouCMS versions prior to 1.7.2 **Description** An unrestricted file upload issue exists in the `edit adminlogo()` function within the application/admin/controller/Index.php file. A remote attacker can achieve this by manipulating the `filename` argument. **Recommendations** Update to a version later than 1.7.1. As a temporary workaround, restrict access to the `edit adminlogo()` function until a patch is applied.