Cwh

**Name of the Vulnerable Software and Affected Versions** DeDeCMS version 5.6 **Description** The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This can be achieved by manipulating the `id` parameter in the following API endpoints: "list.php", "members.php", or "book.php". **Recommendations** For DeDeCMS version 5.6, as a temporary workaround, consider restricting access to the `id` parameter in the affected API endpoints until a patch is available. Avoid using the `id` parameter in the "list.php", "members.php", and "book.php" endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Gravity Board X (GBX) version 2.0 Beta **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `subject` parameter in a "postnewsubmit" (also known as "create new thread") action. This could potentially lead to unauthorized actions on the affected system. **Recommendations** For Gravity Board X (GBX) version 2.0 Beta, consider restricting access to the "postnewsubmit" action until a fix is available, and avoid using the `subject` parameter in this action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Benja CMS version 0.1 **Description** The issue concerns an unrestricted file upload vulnerability. This allows remote attackers to upload and execute arbitrary PHP files. The attack is carried out via unspecified vectors, followed by a direct request to the file in the billeder/ directory. **Recommendations** For Benja CMS version 0.1, restrict access to the admin/upload.php file to prevent unauthorized file uploads. As a temporary workaround, consider disabling the file upload functionality in admin/upload.php until a patch is available.