Moran Zavdi

Name of the Vulnerable Software and Affected Versions: WebTester versions 5.0.20060927 and earlier Description: The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to POST parameters to multiple files. Recommendations: For versions 5.0.20060927 and earlier, update to a version later than 5.0.20060927 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: WebTester versions 5.0.20060927 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `testID` parameter to "directions.php", and unspecified parameters to other files that accept GET or POST input. Recommendations: For versions 5.0.20060927 and earlier, avoid using the `testID` parameter in the "directions.php" file until the issue is resolved. Restrict access to files that accept GET or POST input to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Boesch ProgSys versions 0.151 and earlier Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This can be achieved via the PATH INFO to admin/index.php and unspecified vectors related to certain other files. Recommendations: For Boesch ProgSys versions 0.151 and earlier, update to a version later than 0.151 to resolve the issue. As a temporary workaround, consider restricting access to the admin/index.php endpoint and limiting the use of the PATH INFO parameter until a patch is available.