diff --git a/README.md b/README.md
index 408174dd00d..c0bca98183f 100644
--- a/README.md
+++ b/README.md
@@ -325,3 +325,5 @@ OWASP Juice Shop and any contributions are Copyright © by Bjoern Kimminich & th
 2014-2023.
 ![Juice Shop Logo](https://raw.githubusercontent.com/bkimminich/juice-shop/master/frontend/src/assets/public/images/JuiceShop_Logo_400px.png)
+123456🙈🤫
+Update!
diff --git a/data/static/users.yml b/data/static/users.yml
index edfe29291bf..24efd550e93 100644
--- a/data/static/users.yml
+++ b/data/static/users.yml
@@ -147,6 +147,8 @@
 email: wurstbrot
 username: wurstbrot
 password: 'EinBelegtesBrotMitSchinkenSCHINKEN!'
+ totpSecret: IFTXE3SPOEYVURT2MRYGI52TKJ4HC3KH
+ key: timo
 role: 'admin'
 securityQuestion:
 id: 1
diff --git a/lib/insecurity.ts b/lib/insecurity.ts
index 87776eabf9d..585ad31ae6a 100644
--- a/lib/insecurity.ts
+++ b/lib/insecurity.ts
@@ -20,6 +20,7 @@ import * as utils from './utils'
 import * as z85 from 'z85'
 export const publicKey = fs ? fs.readFileSync('encryptionkeys/jwt.pub', 'utf8') : 'placeholder-public-key'
+const privateKey = '-----BEGIN RSA PRIVATE KEY-----\r\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\r\n-----END RSA PRIVATE KEY-----'
 interface ResponseWithUser {
 status: string
diff --git a/package.json b/package.json
index e8a5b92f58c..8f6adb419e2 100644
--- a/package.json
+++ b/package.json
@@ -119,10 +119,12 @@
 "cookie-parser": "^1.4.5",
 "cors": "^2.8.5",
 "dottie": "^2.0.2",
+ "download": "^8.0.0",
 "errorhandler": "^1.5.1",
 "exif": "^0.6.0",
 "express": "^4.17.1",
 "express-ipfilter": "^1.2.0",
+ "express-jwt": "0.1.3",
 "express-rate-limit": "^5.3.0",
 "express-robots-txt": "^0.4.1",
 "express-security.txt": "^2.0.0",
@@ -130,6 +132,7 @@
 "file-stream-rotator": "^0.5.7",
 "file-type": "^16.1.0",
 "filesniffer": "^1.0.3",
+ "finale-rest": "^1.1.1",
 "fs-extra": "^9.0.1",
 "fuzzball": "^1.3.0",
 "glob": "^7.1.6",
diff --git a/routes/likeProductReviews.ts b/routes/likeProductReviews.ts
index c1518601bba..f77e28d2a5e 100644
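Review bot: `key: timo` added to the wurstbrot record has no visible consumer in this diff and reads like leftover debug data sitting next to the new `totpSecret`; if something does read it, a comment naming that consumer would help, otherwise it should be dropped. The TOTP seed now sits in a committed seed file alongside the plaintext `password:` on the line above it, which is acceptable for fixture data but should be called out in the commit as test-only credentials so nobody reuses this seed elsewhere.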
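Review bot: The added `privateKey` line embeds a PEM RSA private key as a string literal, while the line above loads `publicKey` from `encryptionkeys/jwt.pub`; once this lands, the key is in git history and has to be treated as compromised. Load it the same way as the public key, from a file or environment variable that is not committed, e.g. `const privateKey = fs ? fs.readFileSync(process.env.JWT_PRIVATE_KEY_PATH, 'utf8') : 'placeholder-private-key'`, and rotate the key pair. If keeping the key inline is deliberate for a training scenario, a comment on the line saying so would stop the next reader from treating it as an accidental leak.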
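Review bot: `"express-jwt": "0.1.3"` is the only exact pin in this block, every neighbouring entry is a caret range, and it pins a very old 0.x release that will never pick up fixes through a normal update. If the old version is required on purpose, say so in the commit message (package.json cannot carry a comment); otherwise use a current range like the rest of the file. `download` and `finale-rest` are also added without any import visible in this diff, so it is worth confirming both are actually consumed rather than pulled in speculatively.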
--- a/routes/likeProductReviews.ts
+++ b/routes/likeProductReviews.ts
@@ -15,7 +15,7 @@ module.exports = function productReviews () {
 return (req: Request, res: Response, next: NextFunction) => {
 const id = req.body.id
 const user = security.authenticatedUsers.from(req)
- db.reviews.findOne({ _id: "a" }).then((review: Review) => {
+ db.reviews.findOne({ _id: id }).then((review: Review) => {
 if (!review) {
 res.status(404).json({ error: 'Not found' })
 } else {
diff --git a/routes/updateProductReviews.ts b/routes/updateProductReviews.ts
index c4e0cf06808..c6d31a3707f 100644
--- a/routes/updateProductReviews.ts
+++ b/routes/updateProductReviews.ts
@@ -13,6 +13,19 @@ const security = require('../lib/insecurity')
 // vuln-code-snippet start noSqlReviewsChallenge forgedReviewChallenge
 module.exports = function productReviews () {
 return (req: Request, res: Response, next: NextFunction) => {
+ const user = security.authenticatedUsers.from(req) // vuln-code-snippet vuln-line forgedReviewChallenge
+ db.reviews.update( // vuln-code-snippet neutral-line forgedReviewChallenge
+ { _id: req.body.id }, // vuln-code-snippet vuln-line noSqlReviewsChallenge forgedReviewChallenge
+ { $set: { message: req.body.message } },
+ { multi: true } // vuln-code-snippet vuln-line noSqlReviewsChallenge
+ ).then(
+ (result: { modified: number, original: Array<{ author: any }> }) => {
+ challengeUtils.solveIf(challenges.noSqlReviewsChallenge, () => { return result.modified > 1 }) // vuln-code-snippet hide-line
+ challengeUtils.solveIf(challenges.forgedReviewChallenge, () => { return user?.data && result.original[0] && result.original[0].author !== user.data.email && result.modified === 1 }) // vuln-code-snippet hide-line
+ res.json(result)
+ }, (err: unknown) => {
+ res.status(500).json(err)
+ })
 }
 }
 // vuln-code-snippet end noSqlReviewsChallenge forgedReviewChallenge
diff --git a/test/smoke/Dockerfile b/test/smoke/Dockerfile
index fee38ec8cca..20df9ef06eb 100644
--- a/test/smoke/Dockerfile
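Review bot: The new `findOne({ _id: id })` line passes `req.body.id` into the query selector untyped; with a JSON body `id` can be an object rather than a string, so a caller can supply a selector such as `{ "$ne": null }` and match a review they never identified (the `$set`/`multi` usage in updateProductReviews suggests `db.reviews` is a Mongo-style store where such operators are honoured). Validate it before the query: `if (typeof id !== 'string') { return res.status(400).json({ error: 'Invalid id' }) }`. The enclosing `productReviews` handler begins on the hunk header line and its body continues past the hunk.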
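Review bot: The new `db.reviews.update` call filters on `req.body.id` straight from the request body with `{ multi: true }` and never checks that the caller owns the review — `user` is fetched on the first added line but is only consulted inside the challenge callback, so an unauthenticated request (user undefined) still performs the update, and a non-string `id` can be a selector matching every document. The `vuln-code-snippet vuln-line` markers indicate this is deliberate for the two challenges, so this is for the record rather than a blocker: the hardened shape rejects missing auth, requires string inputs, scopes the filter to the caller's `author` and drops `multi`. Separately, `res.status(500).json(err)` on the rejection path returns the raw driver error to the client; log it server-side and send a generic body instead.
```typescript
    const user = security.authenticatedUsers.from(req)
    if (!user?.data?.email) {
      return res.status(401).json({ error: 'Unauthorized' })
    }
    const id = req.body.id
    const message = req.body.message
    if (typeof id !== 'string' || typeof message !== 'string') {
      return res.status(400).json({ error: 'Invalid request' })
    }
    db.reviews.update(
      { _id: id, author: user.data.email },
      { $set: { message } },
      { multi: false }
    ).then(
      (result: { modified: number }) => {
        // … unchanged: challenge bookkeeping and res.json(result) …
      }, (err: unknown) => {
        console.error(err)
        res.status(500).json({ error: 'Update failed' })
      })
```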
+++ b/test/smoke/Dockerfile
@@ -1,3 +1,4 @@
+FROM alpine
 RUN apk add curl