O Y

**Name of the Vulnerable Software and Affected Versions** Zen Cart version 1.3.0.2 **Description** The issue allows remote attackers to obtain sensitive information via empty array parameters, which reveals the installation path in an error message. This is achieved by manipulating the ` GET[]`, ` SESSION[]`, ` POST[]`, or ` COOKIE[]` arrays. **Recommendations** For Zen Cart version 1.3.0.2, consider restricting access to the index.php file until a patch is available, or apply configuration changes to prevent the exposure of sensitive information through error messages.

**Name of the Vulnerable Software and Affected Versions** PunBB version 1.2.11 **Description** A cross-site scripting (XSS) issue exists due to insufficient sanitization of the `redirect url` parameter, allowing remote attackers to inject arbitrary web script or HTML via the `req message` parameter. **Recommendations** For PunBB version 1.2.11, as a temporary workaround, consider sanitizing the `redirect url` parameter to prevent XSS attacks. Restrict access to the `misc.php` file to minimize the risk of exploitation. Avoid using the `req message` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MyBB version 1.1.1 **Description** The issue allows remote authenticated administrators to execute arbitrary SQL commands. This can be achieved via the query string (`$querystring` variable) in `admin/adminlogs.php`, which is not properly handled by `adminfunctions.php`. Alternatively, exploitation can occur through the `setid`, `expand`, `title`, or `sid2` parameters to `admin/templates.php`. **Recommendations** For MyBB version 1.1.1, consider restricting access to the `admin/adminlogs.php` and `admin/templates.php` files until a patch is available. As a temporary workaround, avoid using the `$querystring` variable in `admin/adminlogs.php` and the `setid`, `expand`, `title`, or `sid2` parameters in `admin/templates.php` to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Arab Portal version 2.0.1 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `mineID` parameter in the "forum.php" file. Recommendations: For Arab Portal version 2.0.1, consider restricting access to the `mineID` parameter in the "forum.php" file until a patch is available. As a temporary workaround, avoid using the `mineID` parameter in the affected file to minimize the risk of exploitation.