Zhangzhijie98

**Name of the Vulnerable Software and Affected Versions** XunRuiCMS version 4.5.6 **Description** The issue is related to Cross Site Request Forgery (CSRF), which is a type of attack that tricks a user into performing unintended actions on a web application. **Recommendations** For XunRuiCMS version 4.5.6, consider implementing proper CSRF token validation to prevent unauthorized requests. As a temporary workaround, restrict access to sensitive operations that could be exploited through CSRF attacks until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EyouCMS version 1.5.8-UTF8-SP1 **Description** The issue concerns a Cross Site Request Forgery (CSRF) vulnerability. It affects the background, column management function, and add functionality. **Recommendations** For EyouCMS version 1.5.8-UTF8-SP1, consider implementing proper CSRF token validation to prevent unauthorized requests. As a temporary workaround, restrict access to the column management and add functions in the background to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** jizhicms version 2.3.1 **Description** An issue was discovered that allows for a CSRF vulnerability, which can be exploited to add an admin. **Recommendations** For jizhicms version 2.3.1, as a temporary workaround, consider implementing CSRF protection measures until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** jizhicms version 2.3.1 **Description** The issue is related to SQL injection in the background of the software. **Recommendations** For jizhicms version 2.3.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wellcms version 2.2.0 **Description** The issue is related to Cross Site Request Forgery (CSRF), which is a type of attack that tricks a user into performing unintended actions on a web application. **Recommendations** For Wellcms version 2.2.0, as a temporary workaround, consider implementing CSRF token validation to prevent unauthorized requests. Restrict access to sensitive operations that could be exploited through CSRF attacks until a proper fix is available.

**Name of the Vulnerable Software and Affected Versions** DolphinPHP version 1.5.1 **Description** The issue concerns Cross Site Scripting (XSS) via the Background -> System -> system function -> configuration management. This allows for potential malicious script injection. **Recommendations** For DolphinPHP version 1.5.1, consider restricting access to the configuration management function until a patch is available. As a temporary workaround, avoid using the system function in the Background -> System section to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.