Deadly Demon

**Name of the Vulnerable Software and Affected Versions** MH Products Projekt Shop (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `ts` parameter to "details.php" and possibly the `ilceler` parameter to "index.php". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MH Products Pay Pal Shop Digital (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `ItemID` parameter in the "view item.php" file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ero Auktion 2010 version not specified **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter in the "item.php" file. This is a different attack vector. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oto Galeri Sistemi version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `arac` parameter to "carsdetail.asp" and the `marka` parameter to "twohandscars.asp". **Recommendations** For Oto Galeri Sistemi version 1.0, consider restricting access to the "carsdetail.asp" and "twohandscars.asp" pages until a patch is available. As a temporary workaround, avoid using the `arac` and `marka` parameters in the affected API endpoints.

**Name of the Vulnerable Software and Affected Versions** Mafya Oyun Scrpti (aka Mafia Game Script) (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the profil.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.