J0J0

**Name of the Vulnerable Software and Affected Versions** Digital Hive versions 2.0 RC2 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `selectskin` parameter to an unspecified program. Additionally, remote authenticated administrators can execute arbitrary SQL commands via the `user id` parameter in the "gestion membre.php" page to "base.php". **Recommendations** For Digital Hive versions 2.0 RC2 and earlier, consider restricting access to the `selectskin` parameter and the `user id` parameter in the "gestion membre.php" page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xforum version 1.4 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. The `topic` parameter is affected, and possibly the `categorie` parameter as well. **Recommendations** For Xforum version 1.4, consider restricting access to the `liretopic.php` file until a patch is available. As a temporary workaround, avoid using the `topic` parameter in the affected API endpoint, and possibly the `categorie` parameter, to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** DomPHP versions 0.81 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `mail` parameter in the welcome/inscription.php file. This can lead to unauthorized access and manipulation of database content. **Recommendations** For DomPHP versions 0.81 and earlier, consider restricting access to the welcome/inscription.php file until a patch is available. As a temporary workaround, avoid using the `mail` parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.