Ctacok

#19394 of 53,632
13.6 CVSS total
Vulnerabilities · 2
Medium: 2
PT-2010-2671
6.8
2010-03-09
Bigforum · Bigforum · CVE-2010-0948
**Name of the Vulnerable Software and Affected Versions** Bigforum version 4.5

**Description** The issue allows remote attackers to execute arbitrary SQL commands. This is possible due to a SQL injection vulnerability in the profil.php file when `magic_quotes_gpc` is disabled. The vulnerability can be exploited via the `id` parameter.

**Recommendations** For Bigforum version 4.5, consider disabling the `id` parameter in the profil.php file until a patch is available, or enable `magic_quotes_gpc` to prevent SQL injection attacks.

PT-2010-2675
6.8
2010-03-09
Nonecms · Nonecms · CVE-2010-0952
**Name of the Vulnerable Software and Affected Versions** OneCMS version 2.5

**Description** The issue allows remote attackers to execute arbitrary SQL commands. This is possible when the `magic_quotes_gpc` setting is disabled. The vulnerability can be exploited via the `user` parameter in an elite action in the `index.php` file.

**Recommendations** For OneCMS version 2.5, consider enabling the `magic_quotes_gpc` setting to prevent SQL injection attacks. As a temporary workaround, restrict access to the `index.php` file or avoid using the `user` parameter in elite actions until a patch is available.