Zonta

**Name of the Vulnerable Software and Affected Versions** DBHcms version 1.1.4 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `editmenu` parameter in the index.php file. **Recommendations** For DBHcms version 1.1.4, avoid using the `editmenu` parameter in the index.php file until a patch is available. As a temporary workaround, consider restricting access to the index.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OrangeHRM version 2.6.0.1 **Description** The issue allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the `uri` parameter in the index.php file. **Recommendations** For OrangeHRM version 2.6.0.1, consider restricting access to the `uri` parameter in the index.php file to prevent directory traversal attacks until a patch is available.