Hxh

**Name of the Vulnerable Software and Affected Versions** DDL CMS version 1.0 **Description** The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the `wwwRoot` parameter to specific PHP files, including "header.php", "submit.php", "submitted.php", and "autosubmitter/index.php". **Recommendations** For DDL CMS version 1.0, consider restricting access to the `wwwRoot` parameter in the mentioned PHP files until a patch is available. As a temporary workaround, avoid using the `wwwRoot` parameter in the affected API endpoints, such as "header.php", "submit.php", "submitted.php", and "autosubmitter/index.php", to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MyBuxScript PTC-BUX (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in an `spnews` action to the default URI, specifically in the `spnews.php` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Virtuenetz Virtue Online Test Generator (affected versions not specified) **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `tid` parameter in the text.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Virtuenetz Virtue Online Test Generator (affected versions not specified) **Description** The issue concerns admin/index.php, which does not require administrative privileges. This allows remote authenticated users to have an unknown impact via unspecified vectors. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MIDAS version 1.43 **Description** The issue allows remote attackers to bypass authentication and obtain administrative access via an admin account record in a MIDAS cookie. **Recommendations** For MIDAS version 1.43, update to a version that fixes this issue, as the current version allows unauthorized access to administrative functions.

Name of the Vulnerable Software and Affected Versions: Million Dollar Text Links version 1.0 Description: The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting the `userid` cookie to `1`, allowing unauthorized access to administrative functions. Recommendations: For Million Dollar Text Links version 1.0, consider restricting access to administrative areas until a fix is available, and avoid using the `userid` cookie as a sole means of authentication.