Zhang Zhiyi

**Name of the Vulnerable Software and Affected Versions** RPCMS versions 1.8 and below **Description** The issue arises from the improper sanitization of the `nickname` variable before it is displayed on a page. When API functions are enabled, an attacker can exploit this by updating a user's nickname with an XSS payload, achieving stored XSS. This stored XSS is triggered when users view articles published by the injected user. **Recommendations** For RPCMS versions 1.8 and below, as a temporary workaround, consider disabling API functions that allow updating user nicknames until a patch is available. Restrict access to API endpoints related to user profile updates to minimize the risk of exploitation. Avoid using the `nickname` variable in API responses until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RPCMS versions 1.8 and below **Description** The issue arises from the `nickname` variable not being properly sanitized before being displayed on a page. An attacker can exploit this by using the update password function to inject XSS payloads into the `nickname` variable, achieving stored XSS. When users view articles published by the injected user, the XSS is triggered. **Recommendations** For RPCMS versions 1.8 and below, as a temporary workaround, consider restricting the use of the `nickname` variable until a patch is available. Additionally, limiting user input in the update password function can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RPCMS versions 1.8 and below **Description** The issue allows attackers to interact with the API and change the `role` variable to `admin`, achieving admin user registration. **Recommendations** For RPCMS versions 1.8 and below, as a temporary workaround, consider restricting access to the API endpoint that allows modification of the `role` variable until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NavigateCMS versions 2.9.4 and below **Description** The issue concerns a function in the `product.php` file that is vulnerable to sql injection. This vulnerability occurs on the `products-order` parameter through a post request, allowing for arbitrary sql query execution in the backend database. **Recommendations** For NavigateCMS versions 2.9.4 and below, as a temporary workaround, consider restricting access to the `product.php` file or disabling the functionality related to the `products-order` parameter until a patch is available. Avoid using the `products-order` parameter in post requests to the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NavigateCMS versions 2.9.4 and below **Description** The issue concerns a function in the `structure.php` file that is vulnerable to sql injection on the parameter `children order`. This vulnerability allows for the execution of arbitrary sql queries in the backend database. **Recommendations** For NavigateCMS versions 2.9.4 and below, consider disabling the function in `structure.php` that handles the `children order` parameter until a patch is available. Restrict access to the `structure.php` file to minimize the risk of exploitation. Avoid using the `children order` parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NavigateCMS versions 2.9.4 and below **Description** The issue concerns a sql injection vulnerability in the `block` function, specifically affecting the `block-order` parameter. This vulnerability allows for the execution of arbitrary sql queries in the backend database. **Recommendations** For NavigateCMS versions 2.9.4 and below, consider disabling the `block` function until a patch is available to prevent exploitation of the sql injection vulnerability. Restrict access to the `block-order` parameter to minimize the risk of arbitrary sql query execution.

**Name of the Vulnerable Software and Affected Versions** NavigateCMS versions 2.9.4 and below **Description** The issue is related to a sql injection vulnerability in the `templates.php` function, specifically affecting the `template-properties-order` parameter. This vulnerability allows for the execution of arbitrary sql queries in the backend database. The vulnerability is associated with a lack of protection measures for the sql query structure, which can be exploited by a remote attacker to execute arbitrary sql code. **Recommendations** For NavigateCMS versions 2.9.4 and below, consider disabling the `templates.php` function or restricting access to the `template-properties-order` parameter until a patch is available. Avoid using the `template-properties-order` parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.