Elusiven

**Name of the Vulnerable Software and Affected Versions** PHP-Fusion book panel module (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `bookid` parameter in the books.php file. This can be exploited by sending malicious input to the API endpoint, potentially leading to unauthorized data access or modification. **Recommendations** For the book panel module, consider restricting access to the books.php file until a patch is available. As a temporary workaround, avoid using the `bookid` parameter in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** vBulletin VBGooglemap Hotspot Edition version 1.0.3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `mapid` parameter in a `showdetails` action to API endpoints such as "vbgooglemaphse.php" and "mapa.php". **Recommendations** For version 1.0.3, avoid using the `mapid` parameter in the affected API endpoints until the issue is resolved. As a temporary workaround, consider restricting access to the "vbgooglemaphse.php" and "mapa.php" scripts to minimize the risk of exploitation.