R3Dm0V3

**Name of the Vulnerable Software and Affected Versions** Nukedit versions 4.9.x and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `email` parameter in the "utilities/login.asp" endpoint. **Recommendations** For Nukedit versions 4.9.x and earlier, consider restricting access to the "utilities/login.asp" endpoint until a patch is available. As a temporary workaround, avoid using the `email` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PortalApp version 4.0 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `keywords` parameter to API endpoints such as "forums.asp" and "content.asp". **Recommendations** For PortalApp version 4.0, avoid using the `keywords` parameter in the affected API endpoints until the issue is resolved. As a temporary workaround, consider restricting access to the "forums.asp" and "content.asp" endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PortalApp version 4.0 **Description** The issue allows remote attackers to create and delete forums, topics, and replies due to a lack of authentication requirement for certain API endpoints, specifically "forums.asp" and "content.asp". **Recommendations** For PortalApp version 4.0, consider implementing proper authentication mechanisms for the "forums.asp" and "content.asp" endpoints to restrict unauthorized access until a patch is available. As a temporary workaround, restrict access to these endpoints to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: phpSmartCom version 0.2 Description: The issue allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the `p` parameter in the "index.php" file. This is a directory traversal vulnerability. Recommendations: For phpSmartCom version 0.2, consider restricting access to the `p` parameter in the "index.php" file to minimize the risk of exploitation. As a temporary workaround, avoid using the `p` parameter with untrusted input until a patch is available.

Name of the Vulnerable Software and Affected Versions: phpSmartCom version 0.2 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `uid` parameter in a 'viewprofile' action to 'index.php'. Recommendations: For phpSmartCom version 0.2, consider restricting access to the 'viewprofile' action in 'index.php' to minimize the risk of exploitation, and avoid using the `uid` parameter until the issue is resolved.