Bgh7

**Name of the Vulnerable Software and Affected Versions** Silentum Guestbook version 2.0.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `messageid` parameter in the silentum guestbook.php file. **Recommendations** For Silentum Guestbook version 2.0.2, consider restricting access to the `messageid` parameter in the silentum guestbook.php file until a patch is available. As a temporary workaround, avoid using the `messageid` parameter in the affected endpoint.

**Name of the Vulnerable Software and Affected Versions** New 5 star Rating version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `det` parameter in the rating.php file. **Recommendations** For New 5 star Rating version 1.0, update the rating.php file to properly sanitize the `det` parameter to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** BS Counter version 2.5.3 **Description** A SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `page` parameter in the file/stats.php file. **Recommendations** For BS Counter version 2.5.3, consider restricting access to the file/stats.php file until a patch is available. As a temporary workaround, avoid using the `page` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** eZoneScripts Living Local version 1.1 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `r` parameter in the listtest.php file. **Recommendations** For version 1.1, avoid using the `r` parameter in the listtest.php file until a fix is available. As a temporary workaround, consider validating and sanitizing user input for the `r` parameter to prevent malicious script injection.

**Name of the Vulnerable Software and Affected Versions** eZoneScripts Living Local version 1.1 **Description** The issue allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension to the `editimage.php` file, and then accessing it via a direct request to the uploaded file. This can be achieved by exploiting an unrestricted file upload vulnerability. **Recommendations** For version 1.1, restrict access to the `editimage.php` file to prevent unauthorized file uploads, and consider implementing validation to only allow uploading of files with specific, non-executable extensions. As a temporary workaround, consider disabling the file upload functionality in `editimage.php` until a more comprehensive fix is available.

**Name of the Vulnerable Software and Affected Versions** AlstraSoft Web Email Script Enterprise (ESE) (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in a "directory" action, which is part of the index.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.