Cyberstrong · Cyberstrong Eshop · CVE-2003-0509
Name of the Vulnerable Software and Affected Versions:
Cyberstrong eShop versions 4.2 and earlier
Description:
The issue allows remote attackers to steal authentication information and gain privileges via the `ProductCode` parameter in endpoints such as `10expand.asp`, `10browse.asp`, and `20review.asp`.
Recommendations:
For versions 4.2 and earlier, consider restricting access to the vulnerable endpoints `10expand.asp`, `10browse.asp`, and `20review.asp` to minimize the risk of exploitation. Avoid using the `ProductCode` parameter in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.