Fabian Mosch

**Name of the Vulnerable Software and Affected Versions** SD.NET RIM versions prior to 4.7.3c **Description** The software contains a SQL injection issue that allows attackers to inject malicious SQL statements. Attackers can exploit this by sending specially crafted POST requests to the `/vorlagen/` endpoint through the `idtyp` and `idgremium` parameters, potentially leading to unauthorized database manipulation and information disclosure. **Recommendations** Update SD.NET RIM to version 4.7.3c or later.

**Name of the Vulnerable Software and Affected Versions** YouPHPTube versions 7.2 and earlier **Description** The issue is related to a lack of protection against SQL query structure exploitation in the plugin/Audit/Objects/AuditTable.php component of YouPHPTube. This allows a remote attacker to execute arbitrary SQL queries. **Recommendations** For YouPHPTube versions 7.2 and earlier, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.