Mhz91

**Name of the Vulnerable Software and Affected Versions** DomPHP version 0.81 **Description** The issue allows remote attackers to execute arbitrary SQL commands, potentially leading to data manipulation or extraction. This can be achieved via the `cat` parameter to "agenda/index.php", and possibly other unspecified vectors. **Recommendations** For DomPHP version 0.81, consider restricting access to the "agenda/index.php" endpoint and avoid using the `cat` parameter until a fix is available. As a temporary workaround, restrict access to the SQL database to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bloo versions 1.00 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `post id`, `post category id`, `post year month`, and `static page id` parameters in index.php, as well as unspecified other vectors. **Recommendations** For Bloo versions 1.00 and earlier, as a temporary workaround, consider restricting access to the index.php file until a patch is available. Avoid using the parameters `post id`, `post category id`, `post year month`, and `static page id` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SiteBuilder Elite version 1.2 **Description** The issue allows remote attackers to execute arbitrary PHP code. This is achieved by providing a URL in the `CarpPath` parameter to specific API endpoints, such as "files/carprss.php" and "files/amazon-bestsellers.php". **Recommendations** For SiteBuilder Elite version 1.2, consider restricting access to the `CarpPath` parameter in the affected API endpoints "files/carprss.php" and "files/amazon-bestsellers.php" to minimize the risk of exploitation. Avoid using the `CarpPath` parameter in these endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Barryvan Compo Manager version 0.3 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `pageURL` parameter in the main.php file. **Recommendations** For Barryvan Compo Manager version 0.3, avoid using the `pageURL` parameter in the main.php file until the issue is resolved. Consider restricting access to the main.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** freePHPgallery version 0.6 **Description** The issue concerns multiple directory traversal vulnerabilities. These vulnerabilities allow remote attackers to include and execute arbitrary local files. The attack can be performed by including a .. (dot dot) in the `lang` cookie to specific API endpoints: "comment.php", "index.php", and "show.php". **Recommendations** For freePHPgallery version 0.6, consider restricting access to the "comment.php", "index.php", and "show.php" endpoints until a patch is available. As a temporary workaround, validate and sanitize the `lang` cookie to prevent directory traversal attacks.

**Name of the Vulnerable Software and Affected Versions** LookStrike Lan Manager version 0.9 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `sys conf[path][real]` parameter to various PHP files. This can be leveraged to include and execute arbitrary local files via directory traversal sequences. The affected files include multiple PHP scripts in the modulesclass and modulesclassdb directories, as well as modulesclasstournament. **Recommendations** For LookStrike Lan Manager version 0.9, consider restricting access to the `sys conf[path][real]` parameter to prevent remote file inclusion attacks. As a temporary workaround, restrict access to the affected PHP files in the modulesclass, modulesclassdb, and modulesclasstournament directories until a patch is available. Avoid using the `sys conf[path][real]` parameter in URLs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IDMOS (aka Phoenix) version 1.0 **Description** The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability. This is achieved by using a .. (dot dot) in the `fileName` parameter in the "administrator/download.php" endpoint. **Recommendations** For IDMOS (aka Phoenix) version 1.0, as a temporary workaround, consider restricting access to the "administrator/download.php" endpoint until a patch is available. Avoid using the `fileName` parameter with unvalidated input in the affected endpoint.

**Name of the Vulnerable Software and Affected Versions** PHP Webquest version 2.6 **Description** The issue allows remote attackers to retrieve database credentials by making a direct request to "admin/backup phpwebquest.php". This occurs because if a call to `/usr/bin/mysqldump` fails, the error message leaks the credentials. It is noted that this might only be a problem in limited environments. **Recommendations** For PHP Webquest version 2.6, consider restricting access to the "admin/backup phpwebquest.php" endpoint to prevent unauthorized requests. Additionally, ensure that error messages do not reveal sensitive information such as database credentials. As a temporary workaround, consider disabling the backup functionality in "admin/backup phpwebquest.php" until a more secure solution is implemented.

**Name of the Vulnerable Software and Affected Versions** IPTBB versions 0.5.4 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in a "viewdir" action in the index.php file. **Recommendations** For IPTBB versions 0.5.4 and earlier, avoid using the `id` parameter in the "viewdir" action until a fix is available. As a temporary workaround, consider restricting access to the index.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** xml2owl version 0.1.1 **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the `path` parameter of the showCode.php file. **Recommendations** For xml2owl version 0.1.1, consider restricting access to the showCode.php file or sanitizing the `path` parameter to prevent the execution of arbitrary commands until a patch is available.

**Name of the Vulnerable Software and Affected Versions** phpAutoVideo version 2.21 **Description** A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This is achieved by using directory traversal sequences in the `selected provider` parameter. **Recommendations** For phpAutoVideo version 2.21, consider restricting access to the `includes/block.php` file until a patch is available. As a temporary workaround, avoid using the `selected provider` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** phpAutoVideo version 2.21 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `loadadminpage` parameter. This is related to the ability to include remote files in the admin/frontpage right.php file. **Recommendations** For phpAutoVideo version 2.21, consider restricting access to the `loadadminpage` parameter to minimize the risk of exploitation. As a temporary workaround, restrict the use of the admin/frontpage right.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ip Reg version 0.3 Ip Reg version 0.4 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several API endpoints, including "vlanview.php", "vlanedit.php", "vlandel.php", "assetclassgroupview.php", and "nodelist.php", by manipulating specific parameters such as `vlan id`, `assetclassgroup id`, and `subnet id`. **Recommendations** For Ip Reg version 0.3, consider restricting access to the vulnerable API endpoints "vlanview.php", "vlanedit.php", "vlandel.php", "assetclassgroupview.php", and "nodelist.php" until a patch is available. For Ip Reg version 0.4, restrict access to the "vlanview.php" and "vlandel.php" endpoints as a temporary workaround. Avoid using the parameters `vlan id`, `assetclassgroup id`, and `subnet id` in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MailMachine Pro versions 2.2.4 through 2.2.5 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the showMsg.php file. **Recommendations** For MailMachine Pro versions 2.2.4 through 2.2.5, update to version 2.2.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MeGaCheatZ version 1.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `ItemID` parameter to various API endpoints, including "comments.php", "view.php", and "siteadmin/ViewItem.php". **Recommendations** For MeGaCheatZ version 1.1, as a temporary workaround, consider restricting access to the `ItemID` parameter in the affected API endpoints until a patch is available. Avoid using the `ItemID` parameter in the affected API endpoints, such as "comments.php", "view.php", and "siteadmin/ViewItem.php", to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Adult Script versions 1.6.5 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `id` parameter to either "videolink count.php" or "links.php" API endpoints. **Recommendations** For Adult Script versions 1.6.5 and earlier, consider restricting access to the "videolink count.php" and "links.php" endpoints until a patch is available. As a temporary workaround, avoid using the `id` parameter in these endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Social Engine version 2.0 **Description** The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `global lang` parameter to various PHP files, including "header album.php", "header blog.php", "header group.php", "admin header album.php", "admin header blog.php", and "admin header group.php". **Recommendations** For Social Engine version 2.0, consider restricting access to the `global lang` parameter in the affected PHP files until a patch is available. As a temporary workaround, disable the execution of arbitrary local files through these parameters to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Falcon Series One CMS version 1.4.3 **Description** The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in the `dir[classes]` parameter to "sitemap.xml.php" or the `error` parameter to "errors.php". **Recommendations** For Falcon Series One CMS version 1.4.3, consider disabling the `sitemap.xml.php` and `errors.php` scripts until a patch is available. Restrict access to these scripts to minimize the risk of exploitation. Avoid using the `dir[classes]` and `error` parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Falcon Series One CMS version 1.4.3 **Description** A cross-site request forgery (CSRF) issue allows remote attackers to change a password via a certain "changepass" action to "index.php". **Recommendations** For Falcon Series One CMS version 1.4.3, update to a version that fixes this issue, as using the "changepass" action in "index.php" can lead to unauthorized password changes.

**Name of the Vulnerable Software and Affected Versions** Falcon Series One CMS version 1.4.3 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `gb mail`, `gb name`, and `gb text` parameters in a guestbook action to "index.php", and unspecified other vectors. This can lead to cross-site scripting (XSS) attacks. **Recommendations** For Falcon Series One CMS version 1.4.3, as a temporary workaround, consider restricting access to the guestbook action in "index.php" and avoid using the `gb mail`, `gb name`, and `gb text` parameters until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.