Censored

**Name of the Vulnerable Software and Affected Versions** Qualiteam X-Cart version 4.0.8 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via various parameters in different PHP files, including `cat` or `printable` in 'home.php', `productid` or `mode` in 'product.php', `id` in 'error message.php', `section` in 'help.php', `mode` in 'orders.php', `mode` in 'register.php', `mode` in 'search.php', or `gcid` and `gcindex` in 'giftcert.php'. **Recommendations** For Qualiteam X-Cart version 4.0.8, consider restricting access to the mentioned PHP files and parameters until a patch is available. As a temporary workaround, avoid using the parameters `cat`, `printable`, `productid`, `mode`, `id`, `section`, `gcid`, and `gcindex` in their respective files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** X-Cart version 4.0.8 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via various parameters in different PHP files. This can be achieved through the `cat` or `printable` parameter to "home.php", `productid` or `mode` parameter to "product.php", `id` parameter to "error message.php", `section` parameter to "help.php", `mode` parameter to "orders.php", `mode` parameter to "register.php", `mode` parameter to "search.php", or the `gcid` or `gcindex` parameter to "giftcert.php". **Recommendations** For X-Cart version 4.0.8, update to a version that includes a fix for this issue to prevent arbitrary web script or HTML injection. As a temporary workaround, consider restricting access to the affected PHP files until a patch is available. Avoid using the parameters `cat`, `printable`, `productid`, `mode`, `id`, `section`, `gcid`, and `gcindex` in the respective API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PortailPHP version 1.3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter to various modules, including News, File, Liens, or Faq. **Recommendations** For PortailPHP version 1.3, avoid using the `id` parameter in the affected modules until the issue is resolved. Consider restricting access to these modules to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Dream4 Koobi CMS version 4.2.3 Description: The issue concerns SQL injection vulnerabilities in the index.php file of Dream4 Koobi CMS. Remote attackers can execute arbitrary SQL commands by manipulating the `q` or `p` parameters. Recommendations: For Dream4 Koobi CMS version 4.2.3, avoid using the `q` and `p` parameters in the index.php file until a patch is available. As a temporary workaround, consider restricting access to the index.php file to minimize the risk of exploitation.