Abducter_Minds

**Name of the Vulnerable Software and Affected Versions** OpenBB (affected versions not specified) **Description** The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This can be achieved via the `FID` parameter to "board.php" or the `UID` parameter to "member.php". **Recommendations** For all affected versions, consider restricting access to the "board.php" and "member.php" scripts until a patch is available. As a temporary workaround, avoid using the `FID` parameter in the "board.php" script and the `UID` parameter in the "member.php" script to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Arab Portal version 2.0 **Description** The issue allows remote attackers to obtain sensitive information. This can be achieved by providing a long `username` or `password`, which triggers an error message revealing the path when the undefined `errmsg` function is called. **Recommendations** For Arab Portal version 2.0, consider restricting input lengths for `username` and `password` fields to prevent the error message from revealing sensitive path information. As a temporary workaround, consider disabling the `errmsg` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: Community Forum (affected versions not specified) Description: A cross-site scripting (XSS) issue exists in the Community Forum, specifically in the SearchResults.aspx page. This allows remote attackers to inject arbitrary web script or HTML via the `q` parameter in the API endpoint "/SearchResults.aspx". Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.