Sunhouse2

**Name of the Vulnerable Software and Affected Versions** Easy CafeEngine (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `catid` parameter in the "index.php" endpoint. This is a different attack vector. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ProArcadeScript version 1.3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `random` parameter to the default URI, which is vulnerable to SQL injection attacks. **Recommendations** For ProArcadeScript version 1.3, consider restricting access to the default URI or avoiding the use of the `random` parameter until a patch is available. As a temporary workaround, disabling the execution of arbitrary SQL commands can help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ClipShare versions prior to 3.0.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `tid` parameter in the group posts.php file. **Recommendations** For versions prior to 3.0.1, update to version 3.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the group posts.php file or validating and sanitizing the `tid` parameter to prevent SQL injection attacks.