Road_Killer

**Name of the Vulnerable Software and Affected Versions** Joomla! component eventcal (com eventcal) version 1.6.4 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `Itemid` parameter in the "index.php" endpoint. **Recommendations** For version 1.6.4, consider restricting access to the `index.php` endpoint until a patch is available, and avoid using the `Itemid` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mambo and Joomla! (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in a `showExpertProfileDetailed` action to `index.php`. **Recommendations** For the affected versions, consider restricting access to the `index.php` endpoint until a patch is available. As a temporary workaround, avoid using the `id` parameter in the `showExpertProfileDetailed` action to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ALLPC version 2.5 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `products id` parameter in the product info.php file. **Recommendations** For ALLPC version 2.5, avoid using the `products id` parameter in the product info.php file until the issue is resolved. Consider restricting access to the product info.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ALLPC version 2.5 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `keywords` parameter in the "advanced search result.php" file. **Recommendations** For ALLPC version 2.5, avoid using the `keywords` parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "advanced search result.php" file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! component JGen (com jgen) version 0.9.33 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in a view action to the "index.php" endpoint. **Recommendations** For version 0.9.33, consider restricting access to the `id` parameter in the view action to minimize the risk of exploitation. Avoid using the `id` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Freeway CMS version 1.4.3.210 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `ecPath` parameter in the "index.php" file. **Recommendations** For Freeway CMS version 1.4.3.210, avoid using the `ecPath` parameter in the "index.php" file until a patch is available. As a temporary workaround, consider restricting access to the "index.php" file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! component com quickfaq version 1.0.3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `Itemid` parameter in a category action to the "index.php" endpoint. **Recommendations** For version 1.0.3, consider restricting access to the vulnerable component until a patch is available. As a temporary workaround, avoid using the `Itemid` parameter in the affected category action to minimize the risk of exploitation.