H0Yt3R

**Name of the Vulnerable Software and Affected Versions** pSys version 0.7.0 alpha **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `shownews` parameter in the "index.php" file. **Recommendations** For pSys version 0.7.0 alpha, consider restricting access to the `shownews` parameter in the "index.php" file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Acmlmboard version 1.A2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `pow` parameter in the memberlist.php file. **Recommendations** For Acmlmboard version 1.A2, consider restricting access to the memberlist.php file until a patch is available. As a temporary workaround, avoid using the `pow` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** deV!L'z Clanportal (DZCP) versions 1.4.9.6 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `users` parameter in an `addbuddy` operation in a `buddys` action. **Recommendations** For versions 1.4.9.6 and earlier, consider restricting access to the `addbuddy` operation in the `buddys` action to minimize the risk of exploitation. Avoid using the `users` parameter in this context until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Catviz version 0.4 beta 1 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is possible via the `foreign key value` parameter in the news page and the `webpage` parameter in the webpage multi edit form. Recommendations: For Catviz version 0.4 beta 1, consider restricting access to the `foreign key value` and `webpage` parameters in the respective forms until a patch is available. As a temporary workaround, avoid using these parameters in the affected API endpoints. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Clever Copy version 3.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `searchtype` parameter in the "results.php" file. **Recommendations** For Clever Copy version 3.0, consider restricting access to the `searchtype` parameter in the "results.php" file until a patch is available. As a temporary workaround, avoid using the `searchtype` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Conkurent PHPMyCart (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `cat` parameter in the "shop.php" file. This can be exploited by sending malicious input to the `/shop.php` endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Application Dynamics Cartweaver version 3.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands, possibly related to a previous security concern. This is achieved via the `prodId` parameter in the "details.php" file. **Recommendations** For Application Dynamics Cartweaver version 3.0, avoid using the `prodId` parameter in the details.php file until the issue is resolved. As a temporary workaround, consider restricting access to the details.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Gryphon gllcTS2 version 4.2.4 **Description** A SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands. This is achieved via the `sort` parameter in the listing.php file. **Recommendations** For Gryphon gllcTS2 version 4.2.4, consider restricting access to the `sort` parameter in the listing.php file until a patch is available. As a temporary workaround, avoid using the `sort` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CaupoShop Classic version 1.3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `saArticle[ID]` parameter in the csc article details.php file. **Recommendations** For CaupoShop Classic version 1.3, restrict access to the `saArticle[ID]` parameter in the csc article details.php file to minimize the risk of exploitation. Avoid using the `saArticle[ID]` parameter until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Oxygen (aka O2PHP Bulletin Board) version 2.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `repquote` parameter in a reply action. **Recommendations** For Oxygen (aka O2PHP Bulletin Board) version 2.0, consider restricting access to the `repquote` parameter in the reply action to minimize the risk of exploitation. Avoid using the `repquote` parameter until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MyMarket version 1.72 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "shopping/index.php" endpoint. **Recommendations** For MyMarket version 1.72, consider restricting access to the `id` parameter in the shopping/index.php endpoint until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MountainGrafix easyTrade versions 2.x **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "detail.php" file. **Recommendations** For MountainGrafix easyTrade versions 2.x, consider restricting access to the detail.php file until a patch is available. Avoid using the `id` parameter in the detail.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JAMM CMS (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter in the "index.php" file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Woltlab Burning Board (wBB) JGS-Treffen addon versions 2.0.2 and earlier **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `view id` parameter in an 'ansicht' action within the jgs treffen.php file. **Recommendations** For versions 2.0.2 and earlier, avoid using the `view id` parameter in the 'ansicht' action until a fix is available. Consider restricting access to the jgs treffen.php file to minimize the risk of exploitation.