Social Site Generator · Social Site Generator · CVE-2008-6420
Name of the Vulnerable Software and Affected Versions:
Social Site Generator (SSG) version 2.0
Description:
Remote attackers can read arbitrary files through the `file` parameter of several API endpoints: "filedload.php", "webadmin/download.php", and "webadmin/download file.php".
Recommendations:
For Social Site Generator (SSG) version 2.0, as a temporary workaround, consider restricting access to the `file` parameter in the affected API endpoints until a patch is available.
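
One way to apply this workaround, shown as an added example that is not SSG's own code: a gate that accepts a `file` value only when it resolves to a regular file inside a single download directory. It assumes the affected scripts are meant to serve files from one directory; the function name `ssg_resolve_download` and the `downloads` path are hypothetical.

```php
<?php
// Added example, not SSG code. Assumption: downloads are meant to come
// from one directory; the function name and paths are hypothetical.

/**
 * Resolve a user-supplied `file` value to a path inside $baseDir.
 * Returns the canonical path, or null if the request must be refused.
 */
function ssg_resolve_download(string $baseDir, $file): ?string
{
    // Reject arrays (file[]=...), empty values and NUL bytes.
    if (!is_string($file) || $file === '' || strpos($file, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", follows symlinks, and fails on missing files.
    $target = realpath($base . DIRECTORY_SEPARATOR . $file);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // The canonical path must still sit under the base directory.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Usage at the top of an affected script (hypothetical directory):
$path = ssg_resolve_download(__DIR__ . '/downloads', $_GET['file'] ?? null);
if ($path === null) {
    http_response_code(403);
    exit('Forbidden');
}
header('Content-Type: application/octet-stream');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

The prefix comparison runs on the canonical path returned by `realpath()`, so a symlink inside the download directory that points elsewhere is refused as well.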