Ajann

**Name of the Vulnerable Software and Affected Versions** DMXReady Secure Document Library versions 1.1 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cid` parameter in the CategoryManager/upload image category.asp file. **Recommendations** For DMXReady Secure Document Library versions 1.1 and earlier, update to a version later than 1.1 to resolve the issue. As a temporary workaround, consider restricting access to the CategoryManager/upload image category.asp file to minimize the risk of exploitation. Avoid using the `cid` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** DMXReady Member Directory Manager versions 1.1 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cid` parameter in the CategoryManager/upload image category.asp file. **Recommendations** For versions 1.1 and earlier, avoid using the `cid` parameter in the CategoryManager/upload image category.asp file until a fix is available. As a temporary workaround, consider restricting access to the CategoryManager/upload image category.asp file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** DMXReady Classified Listings Manager versions 1.1 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cid` parameter in the CategoryManager/upload image category.asp file. **Recommendations** For DMXReady Classified Listings Manager versions 1.1 and earlier, consider restricting access to the CategoryManager/upload image category.asp file until a patch is available. As a temporary workaround, avoid using the `cid` parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! RSfiles component (com rsfiles) versions 1.0.2 and earlier **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the `path` parameter within a "files.display" action. **Recommendations** For versions 1.0.2 and earlier, consider restricting access to the `index.php` file in the RSfiles component until a patch is available. As a temporary workaround, avoid using the `path` parameter in the "files.display" action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mambo com remository component (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `cat` parameter in a 'selectcat' action within the index.php file of the RemoSitory component. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! com eventlist versions 0.8 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `did` parameter in a "details" action within the index.php file of the EventList component. **Recommendations** For versions 0.8 and earlier, update to a version later than 0.8 to resolve the issue. As a temporary workaround, consider restricting access to the details action in the EventList component to minimize the risk of exploitation. Avoid using the `did` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Joomla! component com jombib versions 1.3 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `afilter` parameter in the index.php file of the com jombib component. **Recommendations** For versions 1.3 and earlier, update to a version later than 1.3 to resolve the issue. As a temporary workaround, consider restricting access to the `afilter` parameter in the index.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! component com neorecruit versions 1.4 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in an "offer view" action in the index.php file of the com neorecruit component. **Recommendations** For versions 1.4 and earlier, update to a version later than 1.4 to resolve the issue. As a temporary workaround, consider restricting access to the "offer view" action in the index.php file of the com neorecruit component to minimize the risk of exploitation. Avoid using the `id` parameter in the affected action until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Pony Gallery (com ponygallery) versions 1.5 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands via the `catid` parameter in the index.php file. This can lead to unauthorized access and manipulation of database content. Recommendations: For versions 1.5 and earlier, update to a version later than 1.5 to resolve the issue. As a temporary workaround, consider restricting access to the index.php file or disabling the `catid` parameter to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: SpoonLabs Vivvo Article Management CMS (aka phpWordPress) versions 3.4 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `category` parameter in the "index.php" file. Recommendations: For versions 3.4 and earlier, update to a version later than 3.4 to resolve the issue. As a temporary workaround, consider restricting access to the `category` parameter in the "index.php" file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ResManager module for Xoops versions 1.2.1 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id reserv` parameter in the edit day.php file. **Recommendations** For ResManager module for Xoops versions 1.2.1 and earlier, avoid using the `id reserv` parameter in the edit day.php file until a fix is available. Consider restricting access to the edit day.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Glossaire module for Xoops versions 1.7 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `sid` parameter in an "ImprDef" action. **Recommendations** For Glossaire module for Xoops versions 1.7 and earlier, avoid using the `sid` parameter in the affected API endpoint until the issue is resolved. Restrict access to the vulnerable module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** John Mordo Jobs module for XOOPS versions 2.4 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cid` parameter in a "jobsview" action in the index.php file. **Recommendations** For John Mordo Jobs module for XOOPS versions 2.4 and earlier, consider restricting access to the `cid` parameter in the "jobsview" action until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WF-Links (wflinks) module for XOOPS versions 1.03 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cid` parameter in the viewcat.php file. **Recommendations** For WF-Links (wflinks) module for XOOPS versions 1.03 and earlier, consider restricting access to the viewcat.php file until a patch is available. As a temporary workaround, avoid using the `cid` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PopnupBlog versions 2.52 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands, possibly involving the `get blogid from postid` function in `class/PopnupBlogUtils.php`, via the `postid` parameter in `index.php`. **Recommendations** For PopnupBlog versions 2.52 and earlier, consider restricting access to the `index.php` file until a patch is available, and avoid using the `postid` parameter in the affected module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WF-Section (aka WF-Sections) version 1.0.1 Zmagazine version 1.0 Happy Linux XFsection versions 1.07 and earlier **Description** A SQL injection issue exists in the getArticle function in class/wfsarticle.php, allowing remote attackers to execute arbitrary SQL commands via the `articleid` parameter to "print.php". **Recommendations** For WF-Section (aka WF-Sections) version 1.0.1, avoid using the `articleid` parameter in the affected API endpoint until the issue is resolved. For Zmagazine version 1.0, restrict access to the vulnerable module to minimize the risk of exploitation. For Happy Linux XFsection versions 1.07 and earlier, consider disabling the getArticle function in class/wfsarticle.php as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Rha7 Downloads (rha7downloads) versions 1.0 through 1.10 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `lid` parameter in the visit.php file. **Recommendations** For versions 1.0 through 1.10, consider restricting access to the visit.php file until a patch is available. As a temporary workaround, avoid using the `lid` parameter in the affected module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WF-Snippets module for XOOPS versions 1.02 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `c` parameter in a 'cat' action within the index.php file of the WF-Snippets module. **Recommendations** For WF-Snippets module for XOOPS versions 1.02 and earlier, consider restricting access to the `index.php` file until a patch is available, and avoid using the `c` parameter in the 'cat' action to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: MyAds module for Xoops versions 2.04jp and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands via the `cid` parameter in the index.php file. This is achieved through different vectors. Recommendations: For MyAds module for Xoops versions 2.04jp and earlier, avoid using the `cid` parameter in the index.php file until the issue is resolved. As a temporary workaround, consider restricting access to the index.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Xoops Repository module (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cid` parameter in the viewcat.php file. Recommendations: For the affected version, consider restricting access to the viewcat.php file in the Repository module until a patch is available. As a temporary workaround, avoid using the `cid` parameter in the vulnerable API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.