Lidloses_Auge

**Name of the Vulnerable Software and Affected Versions** Mumbo Jumbo Media OP4 (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter to "index.php". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MyBB Custom Pages plugin version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `page` parameter in the pages.php file of the Custom Pages plugin. **Recommendations** For MyBB Custom Pages plugin version 1.0, consider disabling the pages.php file or restricting access to it until a patch is available to prevent exploitation. Avoid using the `page` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ILIAS versions 3.7.4 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `ref id` parameter in the repository.php file. **Recommendations** For ILIAS versions 3.7.4 and earlier, update to a version later than 3.7.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** living-e webEdition CMS (affected versions not specified) **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `we objectID` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHP Visit Counter versions 0.4 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `datespan` parameter in a "read" action. **Recommendations** For PHP Visit Counter versions 0.4 and earlier, consider restricting access to the `read.php` file until a patch is available. As a temporary workaround, avoid using the `datespan` parameter in the read action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** EasyWay CMS (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `mid` parameter in the "index.php" file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QuickUpCMS (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several API endpoints, including "frontend/news.php" using the `nr` parameter, "events3.php" and "videos2.php" in the frontend directory using the `id` parameter, "frontend/events2.php" using the `y` parameter, and "frontend/fotos2.php" using the `ser` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 724CMS versions 4.01 and earlier **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `ID` parameter in the "index.php" file. **Recommendations** For versions 4.01 and earlier, avoid using the `ID` parameter in the affected index.php file until the issue is resolved.