Br0Ly

**Name of the Vulnerable Software and Affected Versions** Zeus Cart versions 2.3 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `maincatid` parameter in a "showmaincatlanding" action. **Recommendations** For Zeus Cart versions 2.3 and earlier, update to a version later than 2.3 to resolve the issue. As a temporary workaround, consider restricting access to the `maincatid` parameter in the affected API endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** School Data Navigator (affected versions not specified) **Description** A remote file inclusion issue in the School Data Navigator allows remote attackers to execute arbitrary PHP code via a URL in the `page` parameter. This can also be used to include and execute arbitrary local files using .. (dot dot) sequences. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RadCLASSIFIEDS Gold version 2.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `seller` parameter in a search action within the index.php file. **Recommendations** For RadCLASSIFIEDS Gold version 2.0, consider restricting access to the vulnerable index.php file until a patch is available. As a temporary workaround, avoid using the `seller` parameter in search actions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mundi Mail version 0.8.2 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `top` parameter when `register globals` is enabled. If `allow url fopen` is disabled, it is possible to perform directory traversal attacks to include and execute arbitrary local files. **Recommendations** For Mundi Mail version 0.8.2, consider disabling the `register globals` setting to prevent remote code execution. Additionally, enable `allow url fopen` to prevent directory traversal attacks, or restrict access to the `template/simpledefault/admin/ masterlayout.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TorrentVolve version 1.4 **Description** The issue allows remote attackers to delete arbitrary files due to a directory traversal vulnerability in the archive.php file when register globals is enabled. This is achieved by using a .. (dot dot) in the `deleteTorrent` parameter. **Recommendations** For TorrentVolve version 1.4, consider disabling the `deleteTorrent` parameter in the archive.php file until a patch is available, or ensure register globals is disabled to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** phpWebThings versions 1.5.2 and earlier **Description** The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the `module` parameter in the help.php file when magic quotes gpc is disabled. **Recommendations** For phpWebThings versions 1.5.2 and earlier, consider disabling the help.php file or restricting access to it until a patch is available. Avoid using the `module` parameter in the help.php file with untrusted input. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yogurt version 0.3 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is possible due to a SQL injection vulnerability in the writemessage.php file when register globals is enabled. The vulnerability can be exploited via the `original` parameter. **Recommendations** For Yogurt version 0.3, consider disabling the register globals setting to mitigate the risk of SQL injection attacks. Additionally, restrict access to the writemessage.php file until a patch is available. Avoid using the `original` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Yogurt version 0.3 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `msg` parameter in the "index.php" file. This could potentially lead to unauthorized actions on the affected web application. **Recommendations** For Yogurt version 0.3, consider restricting access to the `msg` parameter in the "index.php" file to minimize the risk of exploitation. As a temporary workaround, avoid using the `msg` parameter until a patch is available.

Name of the Vulnerable Software and Affected Versions: PHPenpals versions 1.1 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `ID` parameter in the "mail.php" file. Recommendations: For PHPenpals versions 1.1 and earlier, avoid using the `ID` parameter in the "mail.php" file until the issue is resolved. Consider restricting access to the "mail.php" file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Rama Zaiten CMS versions 0.9.8 and earlier Description: A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the `file` parameter of the "download.php" endpoint. Recommendations: For Rama Zaiten CMS versions 0.9.8 and earlier, consider restricting access to the download.php endpoint until a patch is available. As a temporary workaround, avoid using the `file` parameter in the download.php endpoint to minimize the risk of exploitation.