Stack-Terrorist

**Name of the Vulnerable Software and Affected Versions** Joomla! actualite module version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter. **Recommendations** For version 1.0, avoid using the `id` parameter in the actualite module until the issue is resolved. As a temporary workaround, consider restricting access to the actualite module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** YABSoft Advanced Image Hosting (AIH) Script versions 2.1 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `t` parameter in the "out.php" file. **Recommendations** For YABSoft Advanced Image Hosting (AIH) Script versions 2.1 and earlier, avoid using the `t` parameter in the "out.php" file until a fix is available. Consider restricting access to the "out.php" file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Battle.net Clan Script for PHP versions 1.5.3 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is possible when the `magic quotes gpc` setting is disabled. The exploitation occurs through the `showmember` parameter in a `members` action. **Recommendations** For Battle.net Clan Script for PHP versions 1.5.3 and earlier, consider disabling the `members.php` file or restricting access to it until a fix is available. As a temporary workaround, enable the `magic quotes gpc` setting to prevent SQL injection attacks. Avoid using the `showmember` parameter in the `members` action until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: EntertainmentScript version 1.4.0 Description: The issue allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the `page` parameter in the page.php file. Recommendations: For EntertainmentScript version 1.4.0, consider restricting access to the page.php file until a patch is available, and avoid using directory traversal sequences in the `page` parameter to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: AlkalinePHP versions 0.80.00 beta and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the thread.php file. Recommendations: For versions 0.80.00 beta and earlier, consider restricting access to the `id` parameter in the thread.php file until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected thread.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Archangel Weblog versions 0.90.02 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `post id` parameter in the "index.php" file. Recommendations: For Archangel Weblog versions 0.90.02 and earlier, avoid using the `post id` parameter in the index.php file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ChartDirector version 4.1 **Description** The issue allows remote attackers to read sensitive files. This is achieved via the `file` parameter in the phpdemo/viewsource.php file. **Recommendations** For ChartDirector version 4.1, restrict access to the phpdemo/viewsource.php file to minimize the risk of exploitation. As a temporary workaround, consider disabling the use of the `file` parameter in this file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** KwsPHP ConcoursPhoto module (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `C ID` parameter in the "index.php" endpoint. **Recommendations** For the ConcoursPhoto module, avoid using the `C ID` parameter in the "index.php" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "index.php" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Bubbling Library version 1.32 **Description** The issue concerns multiple directory traversal vulnerabilities. These vulnerabilities allow remote attackers to include and execute arbitrary local files. The attack can be performed by including a .. (dot dot) in specific parameters. The affected parameters are the `uri` parameter in files such as `yui-menu.tpl.php`, `simple.tpl.php`, and `advanced.tpl.php`, and the `page` parameter in files like `yui-menu.php`, `simple.php`, and `advanced.php`, all located in the dispatcher/framework/ directory. **Recommendations** For Bubbling Library version 1.32, consider restricting access to the dispatcher/framework/ directory to minimize the risk of exploitation. As a temporary workaround, avoid using the `uri` and `page` parameters in the affected files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bubbling Library version 1.32 **Description** The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This is achieved by including a .. (dot dot) in the `uri` parameter to `dispatcher.php` in various directories, including `examples/dispatcher/framework/`, `examples/dispatcher/`, `examples/wizard/`, and `PHP/`. **Recommendations** For Bubbling Library version 1.32, consider restricting access to the `dispatcher.php` file in the mentioned directories until a patch is available. As a temporary workaround, avoid using the `uri` parameter in the affected API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHPEcho CMS versions 2.0-rc3 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter in a section action. **Recommendations** For PHPEcho CMS versions 2.0-rc3 and earlier, consider restricting access to the `id` parameter in the section action of the forum module until a patch is available. Avoid using the `id` parameter in the affected API endpoint until the issue is resolved.