Zhaohuan

#18073 of 53,633
15 Total CVSS
Vulnerabilities · 2
High: 2
PT-2010-1440
7.5
2010-01-18
Comsenz · Discuzx · CVE-2009-4621
**Name of the Vulnerable Software and Affected Versions**
Discuz! JiangHu Inn plugin versions 1.1 and earlier

**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in a show action to the "forummission.php" endpoint.

**Recommendations**
For versions 1.1 and earlier, consider restricting access to the "forummission.php" endpoint until a patch is available. As a temporary workaround, avoid using the `id` parameter in the show action to minimize the risk of exploitation.
PT-2009-5501
7.5
2009-09-15
Comsenz · Discuz! Crazy Star Plugin · CVE-2009-3185
**Name of the Vulnerable Software and Affected Versions**
Discuz! Crazy Star plugin version 2.0

**Description**
The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `fmid` parameter in a "view" action in the `plugin.php` file of the Crazy Star plugin.

**Recommendations**
For version 2.0 of the Crazy Star plugin, avoid using the `fmid` parameter in the "view" action until a fix is available. As a temporary workaround, consider restricting access to the `plugin.php` file to minimize the risk of exploitation.