H!Tm@N

Name of the Vulnerable Software and Affected Versions: Joomla! (affected versions not specified) Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `article` parameter in "index.php". Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: com cmimarketplace version 0.1 Description: A directory traversal issue exists, allowing remote attackers to list arbitrary directories by utilizing a .. (dot dot) in the `viewit` parameter to "index.php". Recommendations: For version 0.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mad4Joomla Mailforms (com mad4joomla) versions prior to 1.1.8.2 for Joomla! **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `jid` parameter to the "index.php" endpoint. **Recommendations** For versions prior to 1.1.8.2, update to version 1.1.8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "index.php" endpoint to minimize the risk of exploitation. Avoid using the `jid` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Ignite Gallery (com ignitegallery) versions 0.8.0 through 0.8.3 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `gallery` parameter in a view action to "index.php". This can lead to unauthorized access and manipulation of database content. **Recommendations** For versions 0.8.0 through 0.8.3, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the `index.php` endpoint to minimize the risk of exploitation. Avoid using the `gallery` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Joomla! OwnBiblio component version 1.5.3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `catid` parameter in a catalogue action to "index.php". **Recommendations** For version 1.5.3, consider restricting access to the catalogue action in index.php to minimize the risk of exploitation. Avoid using the `catid` parameter in the affected action until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Joomla! KBase (com kbase) version 1.2 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `id` parameter in an article action to the "index.php" endpoint. **Recommendations** For Joomla! KBase (com kbase) version 1.2, consider restricting access to the `id` parameter in the article action to minimize the risk of exploitation. Avoid using the `id` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Joomla! Portfol (com portfol) version 1.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `vcatid` parameter in a "viewcategory" action to "index.php". **Recommendations** For version 1.2, avoid using the `vcatid` parameter in the "viewcategory" action to "index.php" until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Joomla! component com dailymessage version 1.0.3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in the API endpoint "index.php". **Recommendations** For version 1.0.3, consider restricting access to the `id` parameter in the "index.php" endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Joomla! component RD-Autos (com rdautos) version 1.5.5 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `id` parameter in the `index.php` endpoint. **Recommendations** For version 1.5.5, avoid using the `id` parameter in the `index.php` endpoint until the issue is resolved. Consider temporarily restricting access to the RD-Autos component to minimize the risk of exploitation.