Mizoz

**Name of the Vulnerable Software and Affected Versions** phpBazar versions 2.1.1fix and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `catid` parameter in the classified.php file. **Recommendations** For phpBazar versions 2.1.1fix and earlier, consider restricting access to the `catid` parameter in the classified.php file until a patch is available. As a temporary workaround, avoid using the `catid` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ebay Clone 2009 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `user id` parameter to "feedback.php" and the `item id` parameter to "view full size.php", "classifide ad.php", and "crosspromoteitems.php". **Recommendations** For Ebay Clone 2009, consider restricting access to the "feedback.php", "view full size.php", "classifide ad.php", and "crosspromoteitems.php" scripts until a fix is available. As a temporary workaround, avoid using the `user id` parameter in "feedback.php" and the `item id` parameter in the other affected scripts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Clear Content version 1.1 **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files by including a .. (dot dot) in the `url` parameter of the image.php file. **Recommendations** For Clear Content version 1.1, consider restricting access to the image.php file until a patch is available, or apply configuration changes to prevent directory traversal attacks, such as validating and sanitizing the `url` parameter to prevent the inclusion of malicious input.

**Name of the Vulnerable Software and Affected Versions** Super Mod System version 3.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `s` parameter in the index.php file when using the 68 Classifieds 3.1 Core System. **Recommendations** For Super Mod System version 3.1, consider restricting access to the index.php file until a patch is available, and avoid using the `s` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHP Arcade Script version 4.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the linkout.php file. **Recommendations** For PHP Arcade Script version 4.0, consider restricting access to the linkout.php file until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected linkout.php file to minimize the risk of exploitation.