Hacker_Egy

**Name of the Vulnerable Software and Affected Versions** CadeNix (affected versions not specified) **Description** A SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `cid` parameter in the index.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** E-Php CMS (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `es id` parameter in the "article.php" file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MyBizz-Classifieds (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cat` parameter in the "index.php" file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Maxtrade AIO version 1.3.23 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `categori` parameter in a `pocategorisell` action to the "modules.php" endpoint. **Recommendations** For Maxtrade AIO version 1.3.23, avoid using the `categori` parameter in the affected "modules.php" endpoint until the issue is resolved. Consider restricting access to the Trade module to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: The Real Estate Script (affected versions not specified) Description: A SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands. This is achieved via the `docID` parameter in the "dpage.php" endpoint. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: 68 Classifieds version 4.0.1 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cat` parameter in the category.php file. Recommendations: For version 4.0.1, consider restricting access to the category.php file until a patch is available. As a temporary workaround, avoid using the `cat` parameter in the category.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: PHPWAY Kostenloses Linkmanagementscript (affected versions not specified) Description: The issue concerns remote file inclusion vulnerabilities. Remote attackers can execute arbitrary PHP code via a URL in the `main page directory` and `page to include` parameters in the "template/index.php" endpoint. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Automated Link Exchange Portal (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cat id` parameter in the linking.page.php file, which is sometimes renamed to link.php, links.php, etc. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: EMO Realty Manager (affected versions not specified) Description: A SQL injection issue exists in the news.php file of EMO Realty Manager, allowing remote attackers to execute arbitrary SQL commands by manipulating the `ida` parameter in the API endpoint, potentially leading to unauthorized data access or modification. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Miniweb blogwriter module version 2.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `historymonth` parameter to the "index.php" endpoint. Recommendations: For Miniweb blogwriter module version 2.0, consider restricting access to the `historymonth` parameter in the "index.php" endpoint until a patch is available. As a temporary workaround, avoid using the `historymonth` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Musicbox versions 2.3.6 through 2.3.7 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `artistId` parameter in the "viewalbums.php" file. **Recommendations** For Musicbox versions 2.3.6 and 2.3.7, avoid using the `artistId` parameter in the vulnerable "viewalbums.php" file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Joovili version 3.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `category` parameter in the "browse.videos.php" file. **Recommendations** For Joovili version 3.1, consider restricting access to the `browse.videos.php` file until a patch is available, and avoid using the `category` parameter in this file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** World of Phaos version 4.0.1 **Description** The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the showSource function in showSource.php. This is achieved by using directory traversal sequences in the `file` parameter. **Recommendations** For World of Phaos version 4.0.1, consider restricting access to the showSource.php file or the showSource function until a patch is available. As a temporary workaround, avoid using the `file` parameter in the showSource function to minimize the risk of exploitation.