Angel25Dz

**Name of the Vulnerable Software and Affected Versions** Diskos CMS versions 6.x **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `kat` parameter to "side.asp", and the `brugerid` and `password` fields to the administration login feature. **Recommendations** For Diskos CMS versions 6.x, as a temporary workaround, consider restricting access to the administration login feature and the "side.asp" page until a patch is available. Avoid using the `brugerid` and `password` fields in the administration login feature, and the `kat` parameter in the "side.asp" page, until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Diskos CMS versions 6.x **Description** The issue allows remote attackers to download a database via a direct request for specific files, including `artikler prod.mdb` or `medlemmer.mdb`, due to insufficient access control. **Recommendations** For Diskos CMS version 6.x, restrict access to sensitive files, such as `artikler prod.mdb` and `medlemmer.mdb`, to prevent unauthorized downloads. Consider moving these files outside of the web root or implementing proper access controls to mitigate the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Web Scribble Solutions webClassifieds 2005 **Description** The issue concerns SQL injection vulnerabilities in the index.php file of webClassifieds 2005. Remote attackers can execute arbitrary SQL commands by manipulating the `user` and `password` fields in a sign in action. **Recommendations** For webClassifieds 2005, consider validating and sanitizing user input for the `user` and `password` fields to prevent SQL injection attacks. As a temporary workaround, restrict access to the sign in action until a proper fix is applied.