Kiba

**Name of the Vulnerable Software and Affected Versions** deV!L`z Clanportal (DZCP) versions 1.4.5 and earlier **Description** The issue allows remote attackers to obtain MySQL data. This is achieved by exploiting the `file` parameter in the `inc/filebrowser/browser.php` file, specifically by manipulating the `inc/mysql.php` value. **Recommendations** For versions 1.4.5 and earlier, consider restricting access to the `inc/filebrowser/browser.php` file and the `inc/mysql.php` script to minimize the risk of exploitation. Avoid using the `file` parameter in the `inc/filebrowser/browser.php` file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WebSPELL versions 4.01.01 and earlier **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `getsquad` parameter in the "index.php" endpoint. **Recommendations** For WebSPELL versions 4.01.01 and earlier, consider restricting access to the `getsquad` parameter in the index.php endpoint until a patch is available. As a temporary workaround, avoid using the `getsquad` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.