G00Db0Y

**Name of the Vulnerable Software and Affected Versions** PhotoPost PHP Pro versions 4.6 and earlier **Description** The issue allows remote attackers to gain unauthorized access. This is achieved through a SQL injection vulnerability in the showphoto.php file, specifically via the `photo` variable. **Recommendations** For PhotoPost PHP Pro versions 4.6 and earlier, update to a version later than 4.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PhotoPost PHP Pro versions 4.6 and earlier **Description** The issue allows remote attackers to gain privileges. This can be achieved via the `product` parameter in "showproduct.php" or the `cat` parameter in "showcat.php". **Recommendations** For versions 4.6 and earlier, consider disabling the `showproduct.php` and `showcat.php` scripts until a patch is available. Restrict access to these scripts to minimize the risk of exploitation. Avoid using the `product` and `cat` parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OWLS version 1.0 **Description** A directory traversal issue allows remote attackers to read arbitrary files by using a .. (dot dot) in specific parameters. This can be achieved through the `file` parameter in "index.php", the `editfile` parameter in "glossary.php", or the `editfile` parameter in "newmultiplechoice.php". **Recommendations** For OWLS version 1.0, consider restricting access to the `file`, `editfile` parameters in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the `file` parameter in "index.php" and the `editfile` parameter in "glossary.php" and "newmultiplechoice.php" to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PhpNewsManager version 1.46 **Description** A directory traversal issue exists, allowing remote attackers to retrieve arbitrary files. This is achieved by using .. (dot dot) sequences in the `clang` parameter. **Recommendations** For PhpNewsManager version 1.46, consider restricting access to the `clang` parameter in the affected functions.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the `clang` parameter with .. sequences until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zorum version 3.4 **Description** The issue allows remote attackers to determine the full path of the web root via invalid parameter names in the index.php file, which reveals the path in a PHP error message. **Recommendations** For Zorum version 3.4, consider validating and sanitizing user input to prevent the display of sensitive information in error messages, such as the full path of the web root, as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Zorum versions 3.4 through 3.5 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `method` parameter in the index.php file. **Recommendations** For Zorum versions 3.4 and 3.5, consider disabling the `method` parameter in the index.php file as a temporary workaround until a patch is available. Restrict access to the index.php file to minimize the risk of exploitation. Avoid using the `method` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Citrix StoreFront versions prior to 6.0 Description: A SQL injection issue in the login.asp file allows remote attackers to obtain sensitive user information by injecting SQL statements in the `password` field. Recommendations: For versions prior to 6.0, update to a version that includes a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the login.asp file until a patch is available.