Snatcher

**Name of the Vulnerable Software and Affected Versions** Blackorpheus ClanMemberSkript version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `userID` parameter in the member.php file. **Recommendations** For Blackorpheus ClanMemberSkript version 1.0, consider restricting access to the `member.php` file or avoiding the use of the `userID` parameter until a fix is available. As a temporary workaround, restrict the execution of SQL commands to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Fuju News version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `ID` parameter in the archiv2.php file. **Recommendations** For Fuju News version 1.0, consider restricting access to the archiv2.php file until a patch is available. As a temporary workaround, avoid using the `ID` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Fuju News version 1.0 **Description** The issue allows remote attackers to bypass authentication by setting the `authorized` cookie in the `edit kategorie.php` file. **Recommendations** For Fuju News version 1.0, as a temporary workaround, consider restricting access to the `edit kategorie.php` file until a patch is available. Additionally, avoid relying solely on the `authorized` cookie for authentication. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: XBrite Members versions 1.1 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "members.php" file. Recommendations: For versions 1.1 and earlier, consider restricting access to the `id` parameter in the "members.php" file until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Clansys version 1.1 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `showid` parameter in the "member page" API endpoint, which is accessed via "index.php". Recommendations: For Clansys version 1.1, consider restricting access to the `showid` parameter in the member page to minimize the risk of exploitation. Avoid using the `showid` parameter in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Design Nation DNGuestbook version 2.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `email` and `id` parameters in the admin.php file. Recommendations: For Design Nation DNGuestbook version 2.0, consider restricting access to the admin.php file until a patch is available, and avoid using the `email` and `id` parameters in this context to minimize the risk of exploitation.