The:Paradox

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.4.7 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `birthdayprivacy` parameter in the inc/datahandlers/user.php file. **Recommendations** For versions prior to 1.4.7, update to version 1.4.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the `birthdayprivacy` parameter in the affected file until a patch is available.

Name of the Vulnerable Software and Affected Versions: Simple Machines Forum (SMF) versions 1.1.4 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by setting the `db character set` parameter to a multibyte character set, such as big5, which causes the `addslashes` PHP function to produce a "" (backslash) sequence that does not quote the "'" (single quote) character. An example of exploitation is via a manlabels action to "index.php". Recommendations: For Simple Machines Forum (SMF) versions 1.1.4 and earlier, consider updating to a version that is not affected by this issue. As a temporary workaround, restrict the use of multibyte character sets for the `db character set` parameter to minimize the risk of exploitation. Avoid using the `db character set` parameter with values such as big5 in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** RevokeBB version 1.0 RC11 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `search` parameter in the Search System, specifically in the inc/class search.php file. **Recommendations** For RevokeBB version 1.0 RC11, consider restricting access to the `search` parameter in the Search System until a patch is available. As a temporary workaround, avoid using the `search` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ExBB Italia versions 0.22 and earlier **Description** The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `exbb[default lang]` parameter, when `register globals` is enabled and `magic quotes gpc` is disabled. **Recommendations** For ExBB Italia versions 0.22 and earlier, consider disabling the `register globals` setting and enabling `magic quotes gpc` to mitigate the risk of exploitation. Additionally, restrict access to the `threadstop.php` module to minimize the risk of arbitrary file inclusion. Avoid using the `exbb[default lang]` parameter with untrusted input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ExBB Italia versions 0.22 and earlier **Description** The issue allows remote attackers to bypass a check by using vectors other than GET requests with QUERY STRING, specifically via (1) POST or (2) COOKIE variables. This can be leveraged to conduct PHP remote file inclusion attacks by manipulating the `new exbb[home path]` or `exbb[home path]` parameter in the "modules/threadstop/threadstop.php" endpoint. **Recommendations** For ExBB Italia versions 0.22 and earlier, as a temporary workaround, consider restricting access to the `modules/threadstop/threadstop.php` endpoint to minimize the risk of exploitation. Avoid using the `new exbb[home path]` and `exbb[home path]` parameters in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PostNuke versions 0.764 and earlier **Description** The issue allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, such as the CLIENT IP HTTP header (`HTTP CLIENT IP` variable), due to the `pnVarPrepForStore` function skipping input sanitization when `magic quotes runtime` is enabled. **Recommendations** For PostNuke versions 0.764 and earlier, consider disabling the `pnVarPrepForStore` function or restricting input associated with server variables until a patch is available. Additionally, disabling `magic quotes runtime` may help mitigate the risk of SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** Limbo CMS versions 1.0.4.2 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `cuid` cookie parameter in the "admin.php" endpoint. **Recommendations** For Limbo CMS versions 1.0.4.2 and earlier, consider restricting access to the `admin.php` endpoint until a patch is available. As a temporary workaround, avoid using the `cuid` cookie parameter in the `admin.php` endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MyPHP Forum versions 3.0 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `searchtext` parameter to the "search.php" endpoint, and potentially other vectors. **Recommendations** For MyPHP Forum versions 3.0 and earlier, avoid using the `searchtext` parameter in the "search.php" endpoint until the issue is resolved. Restrict access to the search functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WebPortal CMS version 0.6-beta **Description** The issue allows remote attackers to obtain access to any account via a lostpass action because the `actions.php` file in WebPortal CMS generates predictable passwords containing only the time of day. **Recommendations** For WebPortal CMS version 0.6-beta, consider modifying the password generation mechanism in the `actions.php` file to produce more secure and unpredictable passwords. As a temporary workaround, restrict access to the lostpass action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WebPortal CMS version 0.6-beta **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `user name` parameter to the "actions.php" endpoint. **Recommendations** For WebPortal CMS version 0.6-beta, avoid using the `user name` parameter in the "actions.php" endpoint until the issue is resolved. Consider restricting access to the "actions.php" endpoint to minimize the risk of exploitation.