K1Tk4T

Name of the Vulnerable Software and Affected Versions: AuraCMS versions 2.2 through 2.2.2 Description: The issue concerns a lack of authentication in the js/pages/pages data.php file, allowing remote attackers to modify web content. This can be achieved by altering the `id` parameter. Recommendations: For AuraCMS versions 2.2 through 2.2.2, consider restricting access to the js/pages/pages data.php file until a patch is available. As a temporary workaround, avoid using the modified `id` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** AuraCMS version 1.62 Mod Block Statistik for AuraCMS **Description** The issue allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to "index.php", and then execute online.db.txt via a certain request to "index.php". **Recommendations** For AuraCMS version 1.62, consider disabling the stat action to index.php until a patch is available. For Mod Block Statistik for AuraCMS, restrict access to the online.db.txt file to minimize the risk of exploitation. Avoid using the X-Forwarded-For HTTP header in the stat action to index.php until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** AuraCMS version 2.2 **Description** The issue allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the `act` parameter. This could involve the news pilih component and may be used to bypass protection mechanisms, such as including admin/admin users.php to access restricted areas. **Recommendations** For AuraCMS version 2.2, consider restricting access to the `act` parameter in the index.php file to prevent directory traversal attacks. As a temporary workaround, restrict access to sensitive files like admin/admin users.php to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FreeWebshop version 2.2.1 MOG - Web Shop (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `prod` parameter in a "details" action, the `cat` parameter in a "browse list" action, or the `group` parameter in a "categories" action. **Recommendations** For FreeWebshop version 2.2.1, consider restricting access to the `index.php` file until a patch is available. As a temporary workaround, avoid using the parameters `prod`, `cat`, and `group` in their respective actions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Toko Instan version 7.6 **Description** The issue concerns SQL injection vulnerabilities in the index.php file. These vulnerabilities allow remote attackers to execute arbitrary SQL commands. This can be achieved via two parameters: the `id` parameter in an 'artikel' action or the `katid` parameter in a 'produk' action. **Recommendations** For Toko Instan version 7.6, consider restricting access to the `id` and `katid` parameters in the 'artikel' and 'produk' actions, respectively, until a patch is available. As a temporary workaround, avoid using these parameters in the affected API endpoint.

Name of the Vulnerable Software and Affected Versions: MultiCart version 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `catid` parameter to "categorydetail.php" and the `ddlCategory` parameter to "search.php". Recommendations: For MultiCart version 1.0, consider restricting access to the "categorydetail.php" and "search.php" scripts until a patch is available. As a temporary workaround, avoid using the `catid` and `ddlCategory` parameters in the affected API endpoints.

Name of the Vulnerable Software and Affected Versions: AuraCMS version 2.1 Description: The issue allows remote attackers to upload and execute arbitrary PHP files via the `image` parameter in mod/contak.php, which places a file under files/. Recommendations: For AuraCMS version 2.1, consider restricting access to the mod/contak.php file to prevent remote attackers from uploading arbitrary PHP files. As a temporary workaround, restrict the use of the `image` parameter in the affected module until a patch is available.

Name of the Vulnerable Software and Affected Versions: AuraCMS versions 2.1 and earlier Description: The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `pilih` parameter in the "index.php" file. Recommendations: For AuraCMS versions 2.1 and earlier, update to a version later than 2.1 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: AuraCMS versions 1.x through 2.x Description: The issue allows remote attackers to execute arbitrary PHP code via specific pathways, including UNC share pathnames or certain URL types, by exploiting the `pilih` parameter in index.php. This is due to an incomplete blacklist that only blocks PHP remote file inclusion for http URLs, leaving other protocols vulnerable. Recommendations: For AuraCMS versions 1.x through 2.x, consider restricting access to the `pilih` parameter in index.php to minimize the risk of exploitation until a proper fix is applied. As a temporary workaround, avoid using UNC share pathnames, ftp, ftps, or ssh2.sftp URLs in the `pilih` parameter. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Webace-Linkscript (wls) version 1.3 Special Edition (SE) Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in a "rubrik go" action. Recommendations: For Webace-Linkscript (wls) version 1.3 Special Edition (SE), avoid using the `id` parameter in the affected action until the issue is resolved. Consider restricting access to the start.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: RW::Download version 2.0.3 lite Description: The issue concerns SQL injection vulnerabilities in the UPLOAD/index.php file. Remote attackers can execute arbitrary SQL commands by manipulating the `dlid` or `cid` parameters. Recommendations: For RW::Download version 2.0.3 lite, avoid using the `dlid` and `cid` parameters in the UPLOAD/index.php file until a patch is available. As a temporary workaround, consider restricting access to the UPLOAD/index.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: AuraCMS version 1.5rc Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `id` parameter in several scripts, including "hal.php", "cetak.php", "lihat.php", "pesan.php", and "teman.php". In some cases, these scripts may be accessed through requests to the product's top-level default URI using the `pilih` parameter. Recommendations: For AuraCMS version 1.5rc, consider restricting access to the vulnerable scripts "hal.php", "cetak.php", "lihat.php", "pesan.php", and "teman.php" to minimize the risk of exploitation. Avoid using the `id` parameter in these scripts until the issue is resolved. Additionally, restrict the use of the `pilih` parameter when accessing the product's top-level default URI. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TLM CMS versions 1.1 through 3.2 Description: The issue allows remote attackers to execute arbitrary SQL commands via several parameters, including `id` in `news.php`, `idnews` in `goodies.php`, `id` in `file.php`, `ID` in `affichage.php`, `id sal` in `mod forum/afficher.php`, and `id sujet` in `mod forum/messages.php`. The `goodies.php` and `affichage.php` scripts can also be reached through `index.php`. Recommendations: For TLM CMS versions 1.1 through 3.2, consider disabling the affected parameters, such as `id`, `idnews`, `ID`, `id sal`, and `id sujet`, in their respective scripts until a patch is available. Restrict access to the vulnerable scripts, including `news.php`, `goodies.php`, `file.php`, `affichage.php`, `mod forum/afficher.php`, and `mod forum/messages.php`, to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: CartKeeper CKGold Shopping Cart version 2.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `category id` parameter in the "category.php" file. Recommendations: For CartKeeper CKGold Shopping Cart version 2.0, consider restricting access to the `category id` parameter in the "category.php" file until a patch is available. As a temporary workaround, avoid using the `category id` parameter in the affected file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Yvora version 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `ID` parameter in the error view.php file. Recommendations: For Yvora version 1.0, consider restricting access to the error view.php file or avoiding the use of the `ID` parameter until a patch is available. As a temporary workaround, restrict the execution of arbitrary SQL commands to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ABC eStore version 3.0 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. The issue is related to the `cat id` parameter in the "index.php" file. **Recommendations** For ABC eStore version 3.0, consider restricting access to the `cat id` parameter in the "index.php" file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TurnkeyWebTools SunShop Shopping Cart version 4.0 RC 6 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `s[cid]` parameter in a "search list" action. **Recommendations** For TurnkeyWebTools SunShop Shopping Cart version 4.0 RC 6, consider restricting access to the `index.php` file until a patch is available, and avoid using the `s[cid]` parameter in the "search list" action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SimpleFAQ (com simplefaq) versions 2.11 through 2.40 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `aid` parameter in the index.php file of the SimpleFAQ component. This component can be used in both Mambo and Joomla!. **Recommendations** For versions 2.11 through 2.40, consider restricting access to the vulnerable `aid` parameter in the index.php file until a patch is available. As a temporary workaround, avoid using the `aid` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Envolution versions 1.1.0 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `topic` parameter in the News module in modules.php. This is a different vector than previously identified issues. **Recommendations** For Envolution versions 1.1.0 and earlier, consider restricting access to the News module until a fix is available. As a temporary workaround, avoid using the `topic` parameter in the affected module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** auraCMS (Modul Forum Sederhana) versions (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter to the default URI in the komentar.php file of the Forum Module. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.