Shinmai

**Name of the Vulnerable Software and Affected Versions** SebracCMS (sbcms) version 0.4 **Description** The issue allows remote attackers to execute arbitrary SQL commands, potentially leading to data manipulation or extraction. This is achieved through SQL injection vulnerabilities in various parameters, including the `recid` parameter to "cms/form/read.php" and the `uname` parameter to "cms/index.php". **Recommendations** For SebracCMS (sbcms) version 0.4, consider restricting access to the "cms/form/read.php" and "cms/index.php" endpoints until a patch is available. As a temporary workaround, avoid using the `recid` and `uname` parameters in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** aflog versions 1.01 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `id` parameter to "comments.php" and an unspecified parameter to "view.php". **Recommendations** For aflog version 1.01 and earlier, consider restricting access to the "comments.php" and "view.php" scripts until a patch is available. As a temporary workaround, avoid using the `id` parameter in the "comments.php" endpoint.

**Name of the Vulnerable Software and Affected Versions** aflog versions 1.01 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the comment form. This could potentially lead to unauthorized actions on the affected system. **Recommendations** For aflog version 1.01 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OZJournals version 2.1.1 **Description** A directory traversal issue exists, allowing remote attackers to read parts of arbitrary files. This is achieved by using a .. (dot dot) in the `id` parameter within a "printpreview" action. **Recommendations** For OZJournals version 2.1.1, consider restricting access to the `id` parameter in the "printpreview" action of index.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.