Zhuxianjin

Name of the Vulnerable Software and Affected Versions: zz cms version 2019 Description: A SQL injection issue has been found that allows attackers to retrieve sensitive data by exploiting the `id` parameter on the "/dl/dl print.php" API endpoint. Recommendations: For zz cms version 2019, consider restricting access to the "/dl/dl print.php" page until a patch is available, and avoid using the `id` parameter in this endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: PHPMyWind version 5.6 Description: A Cross Site Request Forgery (CSRF) issue was discovered, allowing attackers to create a new administrator account without authentication. Recommendations: For PHPMyWind version 5.6, consider temporarily disabling the creation of new administrator accounts until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** AppCMS version 2.0.101 **Description** The issue allows for XSS via the `params` parameter in the "upload/callback.php" endpoint. **Recommendations** For AppCMS version 2.0.101, update to a newer version that contains a fix for this issue.