
Robert Cooper

#17946 of 53,638
15 CVSS total
Vulnerabilities · 2
High
2
PT-2014-8948
7.5
2014-12-08
Guruperl.Net · Awp Pro · CVE-2014-9345
**Name of the Vulnerable Software and Affected Versions**
Guruperl.net Advertise With Pleasure! Professional (aka AWP PRO) versions 6.6 and earlier

**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `group id` parameter in a "list zone" action to "cgi/client.cgi" API endpoint.

**Recommendations**
For versions 6.6 and earlier, avoid using the `group id` parameter in the "list zone" action to the "cgi/client.cgi" API endpoint until a fix is available. As a temporary workaround, consider restricting access to the "cgi/client.cgi" API endpoint to minimize the risk of exploitation.
PT-2012-6230
7.5
2012-11-26
Yabsoft · Yabsoft Advanced Image Hosting (Aih) Script · CVE-2012-6039
**Name of the Vulnerable Software and Affected Versions**
YABSoft Advanced Image Hosting (AIH) Script version 2.3

**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `gal` parameter in the view comments.php file.

**Recommendations**
For version 2.3, update to a version that fixes this issue to prevent remote attackers from executing arbitrary SQL commands.