R3D-D3V!L

**Name of the Vulnerable Software and Affected Versions** PHPCMS 2008 V2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `modelid` parameter to the "flash upload.php" endpoint. **Recommendations** For PHPCMS 2008 V2, consider restricting access to the "flash upload.php" endpoint until a patch is available, and avoid using the `modelid` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Pay Per Minute Video Chat Script versions 2.0 through 2.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `page` parameter in the "index ie.php" file. **Recommendations** For Pay Per Minute Video Chat Script versions 2.0 through 2.1, consider restricting access to the `index ie.php` file until a patch is available. As a temporary workaround, avoid using the `page` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Pay Per Minute Video Chat Script versions 2.0 through 2.1 **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the `id` parameter to "admin/memberviewdetails.php" or the `model` parameter to "videos.php". **Recommendations** For Pay Per Minute Video Chat Script versions 2.0 through 2.1, consider disabling access to the "admin/memberviewdetails.php" and "videos.php" endpoints until a patch is available. Restrict the use of the `id` and `model` parameters in these endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla Shape5 Bridge of Hope template (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in an article action to the "index.php" endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPCityPortal (affected versions not specified) **Description** The issue concerns multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `id` parameter in several PHP files, including "video show.php", "spotlight detail.php", "real estate details.php", and "auto details.php". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPCityPortal (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `url` parameter in the external.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** I-Escorts Directory Script (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `country id` parameter in the country escorts.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Active Auction House version 3.6 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `catid` parameter to "wishlist.asp" and the `linkid` parameter to "links.asp". **Recommendations** For Active Auction House version 3.6, consider restricting access to the `wishlist.asp` and `links.asp` pages until a fix is available, and avoid using the `catid` and `linkid` parameters in these pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Active Web Softwares eWebquiz version 8 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `QuizID` parameter to API endpoints such as "questions.asp", "importquestions.asp", and "quiztakers.asp". **Recommendations** For version 8, avoid using the `QuizID` parameter in the affected API endpoints until the issue is resolved. As a temporary workaround, consider restricting access to the "questions.asp", "importquestions.asp", and "quiztakers.asp" endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HotWeb Rentals (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `PropId` parameter in the "details.asp" endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Model Agency Manager PRO (affected versions not specified) **Description** The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This can be achieved through the `user id` parameter to API endpoints such as "view.php", "photos.php", and "motm.php", as well as the `id` parameter to "forum message.php". **Recommendations** For Model Agency Manager PRO, consider restricting access to the `user id` parameter in the "view.php", "photos.php", and "motm.php" API endpoints, and the `id` parameter in the "forum message.php" endpoint until a patch is available. As a temporary workaround, avoid using the `user id` and `id` parameters in the affected API endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ReVou Micro Blogging Twitter clone (affected versions not specified) **Description** The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This is possible via the `username` and `password` fields. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Bankoi WebHosting Control Panel version 1.20 Description: The issue concerns SQL injection vulnerabilities in the login.asp file of the control panel. Remote attackers can execute arbitrary SQL commands by manipulating the `username` or `password` fields. Recommendations: For Bankoi WebHosting Control Panel version 1.20, consider restricting access to the login.asp file until a patch is available, and avoid using the `username` and `password` fields in a way that could facilitate SQL injection attacks.

Name of the Vulnerable Software and Affected Versions: ASPReferral version 5.3 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `AccountID` parameter in the Merchantsadd.asp file. Recommendations: For ASPReferral version 5.3, consider restricting access to the `AccountID` parameter in the Merchantsadd.asp file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Active Web Mail version 4.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `TabOpenQuickTab1` parameter to API endpoints such as "popaccounts.aspx", "addressbook.aspx", and "emails.aspx". Recommendations: For Active Web Mail version 4.0, consider restricting access to the `TabOpenQuickTab1` parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the `TabOpenQuickTab1` parameter in "popaccounts.aspx", "addressbook.aspx", and "emails.aspx" to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Venalsur Booking Centre Booking System for Hotels Group version 2.01 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `HotelID` parameter in the hotel habitaciones.php file. Recommendations: For version 2.01, consider restricting access to the hotel habitaciones.php file until a patch is available, and avoid using the `HotelID` parameter in this context to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Gallery MX version 2.0.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `ID` parameter in the 'pics pre.asp' file. Recommendations: For Gallery MX version 2.0.0, consider restricting access to the `ID` parameter in the 'pics pre.asp' file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Ad Server Solutions Affiliate Software Java version 4.0 Description: The issue allows remote attackers to execute arbitrary SQL commands, possibly related to the `uname` and `pass` parameters to "logon process.jsp". This is achieved via the `username` and `password` in "logon.jsp". Recommendations: For Ad Server Solutions Affiliate Software Java version 4.0, consider restricting access to the "logon.jsp" and "logon process.jsp" pages until a fix is available, and avoid using the `uname` and `pass` parameters in the "logon process.jsp" endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Ad Management Software Java (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary SQL commands. This is related to the `uname` or `pass` parameters to "logon.jsp" or "logon processing.jsp" API endpoints, specifically via the `username` and `password` fields. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Ad Server Solutions Banner Exchange Solution Java (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `username` (`uname` parameter) and `password` (`pass` parameter) in the logon process.jsp file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.