Zeo

**Name of the Vulnerable Software and Affected Versions** Find a Place LJCMS version 1.3 **Description** A SQL injection issue in the "/oa.php?c=Staff&a=read" endpoint of Find a Place LJCMS allows attackers to access sensitive database information via a crafted POST request. **Recommendations** For Find a Place LJCMS version 1.3, as a temporary workaround, consider restricting access to the "/oa.php?c=Staff&a=read" endpoint until a patch is available. Avoid using this endpoint with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** joyplus-cms version 1.6 **Description** A vulnerability in the incconfig.php component allows attackers to access sensitive information. **Recommendations** For joyplus-cms version 1.6, consider restricting access to the incconfig.php component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.