Kre0N

**Name of the Vulnerable Software and Affected Versions** phpMyFamily version 1.4.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved through the `person` parameter to the "people.php" endpoint or the `Login` field. **Recommendations** For phpMyFamily version 1.4.0, consider restricting access to the affected php files, such as people.php, track.php, edit.php, document.php, census.php, and passthru.php, until a patch is available. As a temporary workaround, avoid using the `person` parameter in the "people.php" endpoint and restrict the use of the `Login` field in the affected scripts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UBB.threads version 6.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `Number` parameter in the "editpost.php" file. **Recommendations** For UBB.threads version 6.0, update the software to a version that includes a fix for this issue, or as a temporary workaround, consider restricting access to the "editpost.php" file to minimize the risk of exploitation. Avoid using the `Number` parameter in the affected file until the issue is resolved.