R45C4L

**Name of the Vulnerable Software and Affected Versions** Pre Printing Press (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter in the "page.php" file. This can lead to unauthorized access and manipulation of database content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nice PHP FAQ Script (Knowledge base Script) (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `Password` parameter, also known as the `pass` field, in the Admin Panel. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PlainCart version 1.1.2 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `p` parameter in the "index.php" file. Recommendations: For PlainCart version 1.1.2, consider restricting access to the `p` parameter in the "index.php" file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection vulnerability in humor.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2004-2036 or CVE-2005-3509.

**Name of the Vulnerable Software and Affected Versions** Jadu CMS for Government (affected versions not specified) **Description** A SQL injection issue exists in the scripts/recruit details.php script, allowing remote attackers to execute arbitrary SQL commands via the `id` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MyCard version 1.0.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "gallery.php" file. **Recommendations** For MyCard version 1.0.2, avoid using the `id` parameter in the vulnerable "gallery.php" file until the issue is resolved. Consider restricting access to the "gallery.php" file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ShiftThis Newsletter (st newsletter) plugin for WordPress (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `newsletter` parameter in the `stnl iframe.php` file. This is a different attack vector. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PowerPortal version 2.0.13 Description: The issue allows remote attackers to list and possibly read arbitrary files by exploiting a directory traversal vulnerability. This is achieved by including a .. (dot dot) in the `path` parameter to the default URI. Recommendations: For PowerPortal version 2.0.13, consider restricting access to the default URI or validating the `path` parameter to prevent directory traversal attacks until a patch is available.

Name of the Vulnerable Software and Affected Versions: Powie pNews version 2.03 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `newsid` parameter in the newskom.php file. Recommendations: For version 2.03, consider restricting access to the newskom.php file or avoiding the use of the `newsid` parameter until a fix is available.

Name of the Vulnerable Software and Affected Versions: NetArt Media iBoutique version 4.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cat` parameter to the "index.php" endpoint. Recommendations: For NetArt Media iBoutique version 4.0, avoid using the `cat` parameter in the "index.php" endpoint until the issue is resolved. Consider restricting access to the products module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ProActive CMS (affected versions not specified) **Description** The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the index.php file. This is achieved by using a .. (dot dot) in the `template` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zanfi Autodealers CMS AutOnline (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `pageid` parameter in a "DBpAGE" action, specifically targeting the index.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AlstraSoft Forum Pay Per Post Exchange (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cat` parameter in a "showcat" action in the index.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPBasket (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `pro id` parameter in the product.php file. This can lead to unauthorized access and manipulation of database content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: phpVID versions 1.1 through 1.2.3 Description: The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `query` parameter in the "search results.php" file. Recommendations: For phpVID versions 1.1 through 1.2.3, consider disabling the search functionality in "search results.php" until a patch is available to prevent exploitation of the XSS vulnerability via the `query` parameter.

**Name of the Vulnerable Software and Affected Versions** AlstraSoft Forum Pay Per Post Exchange version 2.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `catid` parameter in a "forum catview" action. **Recommendations** For version 2.0, consider restricting access to the `catid` parameter in the "forum catview" action to minimize the risk of exploitation. Avoid using the `catid` parameter in the affected API endpoint until the issue is resolved.