Cwh Underground

**Name of the Vulnerable Software and Affected Versions** ClipBucket version 2.7 RC3 (2.7.0.4.v2929-rc3) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `item` parameter in the view item.php file. **Recommendations** For ClipBucket version 2.7 RC3 (2.7.0.4.v2929-rc3), consider restricting access to the view item.php file until a patch is available. As a temporary workaround, avoid using the `item` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Elemata CMS version RC 3.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in functions/global.php. **Recommendations** For Elemata CMS version RC 3.0, avoid using the `id` parameter in the affected functions until a fix is available. Consider restricting access to functions/global.php to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Page Manager version 2006-02-04 **Description** The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the `upload.php` file, and then accessing it via a direct request. **Recommendations** For Page Manager version 2006-02-04, consider restricting access to the `upload.php` file to prevent unauthorized file uploads until a fix is available. As a temporary workaround, restrict the types of files that can be uploaded to prevent executable files from being uploaded.

**Name of the Vulnerable Software and Affected Versions** Facil CMS version 0.1RC **Description** The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This can be achieved by including a .. (dot dot) in the `change lang` parameter to "index.php" or the `modload` parameter to "modules.php". **Recommendations** For Facil CMS version 0.1RC, consider restricting access to the `change lang` parameter in "index.php" and the `modload` parameter in "modules.php" to minimize the risk of exploitation. Avoid using the `change lang` and `modload` parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OpenForum version 0.66 Beta **Description** The issue allows remote attackers to bypass authentication and reset passwords of other users. This can be achieved by sending a direct request with the `update` parameter set to 1 and modified `user` and `password` parameters. **Recommendations** For OpenForum version 0.66 Beta, as a temporary workaround, consider restricting access to the password reset functionality until a patch is available. Avoid using the `update` parameter with a value of 1 in conjunction with modified `user` and `password` parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: BrewBlogger version 2.1.0.1 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through the `loginUsername` parameter to the "includes/logincheck.inc.php" endpoint, specifically when the `magic quotes gpc` setting is disabled. The vulnerability is related to the `authenticateUser` function in "includes/authentication.inc.php". Recommendations: For BrewBlogger version 2.1.0.1, consider disabling the `authenticateUser` function until a patch is available, or restrict access to the "includes/logincheck.inc.php" endpoint to minimize the risk of exploitation. Avoid using the `loginUsername` parameter in the affected endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: ASPThai.NET ASPThai Forums version 8.5 Description: The issue allows remote attackers to download a database due to insufficient access control. Sensitive information is stored under the web root, enabling attackers to access the database via a direct request for `database/aspthaiForum.mdb`. Recommendations: For version 8.5, restrict access to the `database/aspthaiForum.mdb` file to prevent unauthorized downloads. Consider relocating sensitive information outside the web root or implementing proper access controls to mitigate the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: MindDezign Photo Gallery version 2.2 Description: The issue allows remote attackers to gain privileges by adding administrative users. This is achieved through a modified `username` parameter in an edit account action to "index.php". Recommendations: For MindDezign Photo Gallery version 2.2, consider restricting access to the admin module until a patch is available. As a temporary workaround, avoid using the `username` parameter in the affected "index.php" endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: MindDezign Photo Gallery version 2.2 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `username` parameter in a login action to the admin module in the "index.php" endpoint. Recommendations: For MindDezign Photo Gallery version 2.2, consider restricting access to the admin module in "index.php" to minimize the risk of exploitation, and avoid using the `username` parameter in login actions until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: MindDezign Photo Gallery version 2.2 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in an 'info' action to the "index.php" endpoint when magic quotes gpc is disabled. Recommendations: For MindDezign Photo Gallery version 2.2, consider disabling the `id` parameter in the "index.php" endpoint or enabling magic quotes gpc to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: ThaiQuickCart version 3 Description: A directory traversal issue exists, allowing remote attackers to read arbitrary files by manipulating the `sLanguage` cookie with a .. (dot dot) sequence. Recommendations: For ThaiQuickCart version 3, consider restricting access to the qc/index.php file until a patch is available, and avoid using the `sLanguage` cookie with unvalidated input.

**Name of the Vulnerable Software and Affected Versions** Ananta CMS version 1.0b5 **Description** The issue allows remote attackers to gain administrator privileges via a crafted `email` parameter, possibly related to code injection, when `magic quotes gpc` is disabled. **Recommendations** For Ananta CMS version 1.0b5, consider disabling the `change.php` script or restricting access to it until a patch is available, and ensure `magic quotes gpc` is enabled to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Andy's PHP Knowledgebase (aphpkb) version 0.92.9 **Description** The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to saa.php, then accessing it via a link listed by authors.php. **Recommendations** For version 0.92.9, consider restricting or disabling file uploads in saa.php to prevent exploitation until a fix is available. As a temporary workaround, restrict access to authors.php to minimize the risk of linking to maliciously uploaded files. Avoid using executable file extensions in uploads to saa.php until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: CMS MAXSITE (affected versions not specified) Description: A static code injection issue exists in the Guestbook component, allowing remote attackers to inject arbitrary PHP code via the `message` parameter. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ASP Portal version 3.2.5 Description: The issue allows remote attackers to download the database file via a direct request to 'ASPPortal.mdb' due to insufficient access control. This is because sensitive information is stored under the web root. Recommendations: For ASP Portal version 3.2.5, consider restricting access to the `ASPPortal.mdb` file to minimize the risk of exploitation. Additionally, review and implement proper access controls for sensitive information stored under the web root.

Name of the Vulnerable Software and Affected Versions: bcoos versions 1.0.13 and earlier Description: The issue allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands. This is achieved via the `cid` parameter in the "modules/adresses/viewcat.php" file. Recommendations: For bcoos versions 1.0.13 and earlier, avoid using the `cid` parameter in the affected module until the issue is resolved. As a temporary workaround, consider restricting access to the Addresses module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MyBlog (affected versions not specified) **Description** The issue allows context-dependent attackers to obtain sensitive information because passwords are stored in cleartext in a MySQL database. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wbstreet (aka PHPSTREET Webboard) version 1.0 **Description** The issue allows remote attackers to obtain database credentials due to insufficient access control of sensitive information stored under the web root. This can be achieved by making a direct request to the `connect.inc` file. **Recommendations** For Wbstreet (aka PHPSTREET Webboard) version 1.0, consider restricting access to the `connect.inc` file to prevent unauthorized access to database credentials. As a temporary workaround, limit access to sensitive information stored under the web root until a more permanent solution is implemented. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wbstreet (aka PHPSTREET Webboard) version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "show.php" file. **Recommendations** For Wbstreet (aka PHPSTREET Webboard) version 1.0, consider restricting access to the `id` parameter in the "show.php" file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** KTP Computer Customer Database (KTPCCD) CMS (affected versions not specified) **Description** The issue concerns a directory traversal vulnerability. It allows remote attackers to include and execute arbitrary local files when the `magic quotes gpc` setting is disabled. This is achieved by using a .. (dot dot) in the `p` parameter to the default URI. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.