Dj Remix

**Name of the Vulnerable Software and Affected Versions** Hazir Site version 2.0 **Description** The issue allows remote attackers to bypass authentication. This can be achieved via the `k a` class or the `sifre` parameter. **Recommendations** For Hazir Site version 2.0, consider restricting access to the `giris yap.asp` file until a patch is available. As a temporary workaround, avoid using the `sifre` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OzzyWork Gallery versions 2.0 and earlier **Description** The issue concerns an unrestricted file upload vulnerability. This allows remote attackers to upload and execute arbitrary ASP files by bypassing client-side security checks. **Recommendations** For OzzyWork Gallery versions 2.0 and earlier, consider disabling the file upload functionality in add.asp until a patch is available to prevent the upload and execution of arbitrary ASP files. Restrict access to the add.asp module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Emek Portal version 2.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands by injecting into the `k a` and `sifre` parameters in the uyegiris.asp file. This is achieved by simultaneously injecting into the user name and pass fields. **Recommendations** For Emek Portal version 2.1, consider restricting access to the giris yap.asp file until a patch is available. As a temporary workaround, avoid using the `k a` and `sifre` parameters in the uyegiris.asp file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dayfox Blog version 2.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `slogin` parameter in several scripts, including "adminlog.php", "postblog.php", "index.php", and "index2.php" in the "/edit" directory. **Recommendations** For Dayfox Blog version 2.0, consider restricting access to the `slogin` parameter in the affected scripts until a patch is available. As a temporary workaround, restrict access to the "/edit" directory to minimize the risk of exploitation. Avoid using the `slogin` parameter in the affected API endpoints until the issue is resolved.