Ihsansencan

**Name of the Vulnerable Software and Affected Versions** Joomla! JSP Tickets version 1.1 **Description** A SQL Injection issue exists in the JSP Tickets component for Joomla! via the `ticketcode` parameter in a 'ticketlist' edit action, or the `id` parameter in a 'statuslist' (or 'prioritylist') edit action. **Recommendations** For Joomla! JSP Tickets version 1.1, avoid using the `ticketcode` parameter in the 'ticketlist' edit action and the `id` parameter in the 'statuslist' (or 'prioritylist') edit action until a fix is available. As a temporary workaround, consider restricting access to these edit actions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! Zh GoogleMap version 8.4.0.0 **Description** The issue exists due to SQL Injection in the Zh GoogleMap component for Joomla!. This occurs via the `id` parameter in specific requests, including "getPlacemarkDetails", "getPlacemarkHoverText", "getPathHoverText", or "getPathDetails" requests. **Recommendations** For Joomla! Zh GoogleMap version 8.4.0.0, avoid using the `id` parameter in the affected API endpoints until the issue is resolved. As a temporary workaround, consider restricting access to the Zh GoogleMap component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! component Zh YandexMap version 6.2.1.0 **Description** The issue exists due to SQL Injection in the Zh YandexMap component for Joomla!. This occurs via the `id` parameter in a "task=getPlacemarkDetails" request. **Recommendations** For version 6.2.1.0, avoid using the `id` parameter in the "task=getPlacemarkDetails" request until the issue is resolved. Consider restricting access to this request to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JEXTN Reverse Auction version 3.1.0 **Description** A SQL Injection issue exists in the JEXTN Reverse Auction component for Joomla. This issue can be exploited via a request to the `view=products&uid=` endpoint, where the `uid` parameter is vulnerable to injection. **Recommendations** For JEXTN Reverse Auction version 3.1.0, consider disabling the `view=products` endpoint or restricting access to it until a patch is available. Avoid using the `uid` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** JEXTN Classified version 1.0.0 **Description** A SQL Injection issue exists in the JEXTN Classified component for Joomla!. This issue can be exploited via a request to the "view=boutique&sid=" endpoint. **Recommendations** For JEXTN Classified version 1.0.0, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** JMS Music version 1.1.1 **Description** The issue exists due to SQL Injection in the JMS Music component for Joomla, which can be exploited via a search using the `keyword`, `artist`, or `username` parameter. **Recommendations** For JMS Music version 1.1.1, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Event Manager version 1.0 **Description** A SQL Injection issue exists, allowing potential exploitation via the `id` parameter in the "event.php" endpoint or the `slug` parameter in the "page.php" endpoint. **Recommendations** For Event Manager version 1.0, consider restricting access to the `event.php` and `page.php` endpoints until a patch is available, and avoid using the `id` and `slug` parameters in these endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! CP Event Calendar version 3.0.1 **Description** A SQL Injection issue exists in the CP Event Calendar component for Joomla!. This issue is exploitable via the `id` parameter in a "task=load" action. **Recommendations** For version 3.0.1, avoid using the `id` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** TSiteBuilder version 1.0 **Description** A SQL Injection issue exists, allowing exploitation via the `id` parameter in API endpoints such as "/site.php", "/pagelist.php", or "/page new.php". **Recommendations** For TSiteBuilder version 1.0, consider restricting access to the `id` parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the `id` parameter in "/site.php", "/pagelist.php", or "/page new.php" to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Flexible Poll version 1.2 Description: A SQL Injection issue exists, allowing exploitation via the `id` parameter to "mobile preview.php" or "index.php" API endpoints. Recommendations: For Flexible Poll version 1.2, avoid using the `id` parameter in the affected API endpoints until the issue is resolved. As a temporary workaround, consider restricting access to "mobile preview.php" and "index.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Paid To Read Script version 2.0.5 **Description** The issue concerns SQL Injection, which can be exploited via specific parameters in certain PHP files. The vulnerable parameters are `uid` in 'admin/userview.php', `fnum` in 'admin/viewemcamp.php', and `fn` in 'admin/viewvisitcamp.php'. **Recommendations** For Paid To Read Script version 2.0.5, consider restricting access to the `uid`, `fnum`, and `fn` parameters in the respective PHP files until a patch is available. Avoid using these parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FS Lynda Clone version 1.0 **Description** The issue is related to SQL Injection, which occurs via the `keywords` parameter to the "tutorial/" endpoint. **Recommendations** For FS Lynda Clone version 1.0, avoid using the `keywords` parameter in the "tutorial/" endpoint until the issue is resolved. Consider restricting access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Multivendor Penny Auction Clone Script version 1.0 **Description** The issue is related to SQL Injection, which occurs via the PATH INFO to the "/detail" API endpoint. This allows for potential exploitation. **Recommendations** For Multivendor Penny Auction Clone Script version 1.0, consider restricting access to the "/detail" API endpoint until a patch is available. As a temporary workaround, avoid using user-supplied input in the PATH INFO to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FS Linkedin Clone version 1.0 **Description** The issue concerns SQL Injection, which can be exploited via specific parameters in certain PHP files. The vulnerable parameters include `grid` in "group.php", `fid` in "profile.php", and `id` in "company details.php". **Recommendations** For FS Linkedin Clone version 1.0, consider restricting access to the vulnerable parameters `grid`, `fid`, and `id` in the respective PHP files until a patch is available. As a temporary workaround, avoid using these parameters in the affected API endpoints.

**Name of the Vulnerable Software and Affected Versions** FS Makemytrip Clone version 1.0 **Description** The issue is related to SQL Injection, which can be exploited via the "show-flight-result.php" endpoint, specifically through the `fl orig` or `fl dest` parameters. **Recommendations** For FS Makemytrip Clone version 1.0, consider restricting access to the "show-flight-result.php" endpoint or validating and sanitizing the `fl orig` and `fl dest` parameters to prevent SQL Injection attacks. As a temporary workaround, avoid using the `fl orig` and `fl dest` parameters in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FS IMDB Clone version 1.0 **Description** The issue concerns SQL Injection, which can be exploited via specific parameters in certain PHP files. The vulnerable parameters are `f` in 'movie.php', `s` in 'tvshow.php', and `id` in 'show misc video.php'. **Recommendations** For FS IMDB Clone version 1.0, consider restricting access to the vulnerable parameters `f`, `s`, and `id` in the respective PHP files until a patch is available. As a temporary workaround, avoid using these parameters in the affected API endpoints. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Beauty Parlour Booking Script version 1.0 **Description** The issue is related to SQL Injection, which can be exploited via the `/list` API endpoint, specifically through the `gender` or `city` parameters. **Recommendations** For Beauty Parlour Booking Script version 1.0, consider restricting access to the `/list` API endpoint until a patch is available, and avoid using the `gender` or `city` parameters in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Nearbuy Clone Script version 3.2 **Description** The issue is related to SQL Injection, which occurs via the `category list.php` `search` parameter. This allows for potential exploitation. **Recommendations** For Nearbuy Clone Script version 3.2, update the script to properly sanitize and validate user input for the `search` parameter in `category list.php` to prevent SQL Injection attacks. As a temporary workaround, consider restricting access to the `category list.php` page until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Advance Online Learning Management Script version 3.1 **Description** The issue is related to SQL Injection, which can be exploited via the `courselist.php` `subcatid` or `popcourseid` parameters. **Recommendations** For Advance Online Learning Management Script version 3.1, consider restricting access to the `courselist.php` page or validating and sanitizing the `subcatid` and `popcourseid` parameters to prevent SQL Injection attacks.

**Name of the Vulnerable Software and Affected Versions** Advanced Real Estate Script version 4.0.7 **Description** The issue concerns a SQL Injection problem. It affects the search-results.php file through the `Projectmain`, `proj type`, `searchtext`, `sell price`, or `maxprice` parameters. **Recommendations** For Advanced Real Estate Script version 4.0.7, consider restricting access to the search-results.php file until a patch is available. As a temporary workaround, avoid using the `Projectmain`, `proj type`, `searchtext`, `sell price`, or `maxprice` parameters in the search-results.php file to minimize the risk of exploitation.