Bosen

Name of the Vulnerable Software and Affected Versions: Brooky eStore versions 1.0.1 through 1.0.2b Description: The issue allows remote attackers to bypass authentication and execute arbitrary SQL code. This is achieved via the `user` or `pass` parameters. Recommendations: For versions 1.0.1 through 1.0.2b, as a temporary workaround, consider restricting access to the login.asp page until a patch is available. Avoid using the `user` and `pass` parameters in the login process until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Brooky eStore versions 1.0.1 through 1.0.2b Description: The issue allows remote attackers to obtain sensitive path information via a direct HTTP request to "settings.inc.php". Recommendations: For versions 1.0.1 through 1.0.2b, consider restricting access to the "settings.inc.php" file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: ProductCart versions 1.5 through 2 Description: The issue allows remote attackers to gain unauthorized access and privileges. This can be achieved through SQL injection vulnerabilities, specifically by manipulating the `idadmin` parameter to `login.asp` or the `Email` parameter to `Custva.asp`. Recommendations: For ProductCart versions 1.5 through 2, consider restricting access to the `login.asp` and `Custva.asp` pages until a fix is available. As a temporary workaround, avoid using the `idadmin` and `Email` parameters in the affected API endpoints.