Born To K!Ll

**Name of the Vulnerable Software and Affected Versions** Websens CMSbright (affected versions not specified) **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `id rub page` parameter in the public/page.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ParsBlogger (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting a SQL injection vulnerability in the blog.asp file via the `wr` parameter in the API endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AssetMan versions 2.4a and earlier **Description** The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the `pdf file` parameter in the "download pdf.php" file. **Recommendations** For AssetMan versions 2.4a and earlier, update to a version later than 2.4a to resolve the issue.

Name of the Vulnerable Software and Affected Versions: phpCOIN versions RC-1 and earlier Description: A remote file inclusion issue in the modules/mail/index.php file allows remote attackers to execute arbitrary PHP code via a URL in the ` CCFG[' PKG PATH MDLS']` parameter. However, this issue has been disputed by a reliable third party, who claims that a fatal error occurs before the relevant code is reached. Recommendations: For phpCOIN versions RC-1 and earlier, as a temporary workaround, consider restricting access to the ` CCFG[' PKG PATH MDLS']` parameter in the modules/mail/index.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.