Darkjoker

**Name of the Vulnerable Software and Affected Versions** ToyLog version 0.1 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `idm` parameter in the read.php file. **Recommendations** For ToyLog version 0.1, consider restricting access to the read.php file or validating and sanitizing the `idm` parameter to prevent SQL injection attacks. As a temporary workaround, avoid using the `idm` parameter in the read.php file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MorcegoCMS versions 1.7.6 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the query string in the fichero.php file. **Recommendations** For MorcegoCMS versions 1.7.6 and earlier, update to a version later than 1.7.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Digitaldesign CMS version 0.1 **Description** The issue allows remote attackers to download the database file via a direct request for `autoconfig.dd` due to insufficient access control. This is because sensitive information is stored under the web root. **Recommendations** For Digitaldesign CMS version 0.1, consider restricting access to the `autoconfig.dd` file to prevent unauthorized downloads until a proper fix is applied. As a temporary workaround, moving sensitive information outside of the web root can help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Codice CMS version 2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `tag` parameter in the "index.php" file. **Recommendations** For Codice CMS version 2, update to a version that includes a fix for this issue, or as a temporary workaround, consider restricting access to the `tag` parameter in the "index.php" file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** YapBB versions 1.2 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `forumID` parameter in a next action in the forumhop.php file. **Recommendations** For YapBB versions 1.2 and earlier, consider restricting access to the forumhop.php file until a patch is available. As a temporary workaround, avoid using the `forumID` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PHP Director versions 0.21 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `searching` parameter in the "index.php" file. **Recommendations** For PHP Director versions 0.21 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rhadrix If-CMS versions 2.07 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the frame.php file. **Recommendations** For versions 2.07 and earlier, update to a version later than 2.07 to resolve the issue. As a temporary workaround, consider restricting access to the `id` parameter in the frame.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Blue Eye CMS versions 1.0.0 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `clanek` parameter in the "index.php" endpoint. **Recommendations** For Blue Eye CMS versions 1.0.0 and earlier, consider restricting access to the `clanek` parameter in the "index.php" endpoint until a fix is available.

**Name of the Vulnerable Software and Affected Versions** PHP-CMS Project 1 (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `username` parameter in the admin/login.php file. This can lead to unauthorized access and manipulation of database content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Community CMS versions 0.4 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "index.php" file. **Recommendations** For Community CMS versions 0.4 and earlier, update to a version later than 0.4 to resolve the issue. As a temporary workaround, consider restricting access to the `id` parameter in the "index.php" file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Pre Lecture Exercises (PLEs) CMS version 1.0 beta 4.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `school` parameter in the login.php file. **Recommendations** For Pre Lecture Exercises (PLEs) CMS version 1.0 beta 4.2, consider restricting access to the login.php file until a patch is available. As a temporary workaround, avoid using the `school` parameter in the affected login.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SiteXS CMS versions 0.1.1 and earlier **Description** The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `type` parameter in the "post.php" file. **Recommendations** For SiteXS CMS versions 0.1.1 and earlier, avoid using the `type` parameter in the post.php file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Pardal CMS versions 0.2.0 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the comentar.php file. **Recommendations** For Pardal CMS versions 0.2.0 and earlier, consider restricting access to the comentar.php file until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Goople CMS versions 1.8.2 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `username` parameter in the frontpage.php file. **Recommendations** For Goople CMS versions 1.8.2 and earlier, avoid using the `username` parameter in the frontpage.php file until a fix is available. As a temporary workaround, consider restricting access to the frontpage.php file to minimize the risk of exploitation.