Mrkz

**Name of the Vulnerable Software and Affected Versions** eCal module in E-Xoopport Samsara versions 3.1 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `lid` parameter in the location.php file. **Recommendations** For versions 3.1 and earlier, consider restricting access to the location.php file in the eCal module until a patch is available. As a temporary workaround, avoid using the `lid` parameter in the location.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** E-Xoopport Samsara versions 3.1 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `secid` parameter in a "listarticles" action when the Tutorial module is enabled. **Recommendations** For E-Xoopport Samsara versions 3.1 and earlier, consider disabling the Tutorial module until a patch is available. Avoid using the `secid` parameter in the affected API endpoint until the issue is resolved.