Francesco Laurita

**Name of the Vulnerable Software and Affected Versions** Ban version 0.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter in the connexion.php file. This can lead to unauthorized access and manipulation of database content. **Recommendations** For Ban version 0.1, consider restricting access to the connexion.php file or validating and sanitizing the `id` parameter to prevent SQL injection attacks. As a temporary workaround, avoid using the `id` parameter in the affected file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Jean-Christophe Ramos SCRIPT BANNIERES versions prior to a fixed version **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in the modules/bannieres/bannieres.php file. **Recommendations** For versions prior to the fixed version, consider restricting access to the `bannieres.php` file until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ackerTodo versions 4.2 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is possible via the `up login`, `up pass`, or `up num tasks` parameters in the gadget/login.php endpoint. **Recommendations** For ackerTodo versions 4.2 and earlier, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the gadget/login.php endpoint to minimize the risk of exploitation. Avoid using the `up login`, `up pass`, or `up num tasks` parameters in the gadget/login.php endpoint until the issue is resolved.