The-0Utl4W

Name of the Vulnerable Software and Affected Versions: Joomla! and Mambo (affected versions not specified) Description: A SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `id` parameter in the `index.php` endpoint. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 5th Avenue Shopping Cart version 1.2 trial edition **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `category ID` parameter in the "store pages/category list.php" file. **Recommendations** For version 1.2 trial edition, avoid using the `category ID` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** W2B DatingClub (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `age to` parameter in a "browsebyCat" action within the browse.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** W2B phpHotResources (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `kind` parameter in the cat.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHP WEB SCRIPT Dynamic Photo Gallery version 1.02 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `albumID` parameter in the album.php file. **Recommendations** For version 1.02, avoid using the `albumID` parameter in the album.php file until the issue is resolved. As a temporary workaround, consider restricting access to the album.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** cPanel versions prior to 11.17 build 19417 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `rurl` parameter in the dohtaccess.html file. **Recommendations** For versions prior to 11.17 build 19417, update to version 11.17 build 19417 or later to resolve the issue. As a temporary workaround, consider restricting access to the dohtaccess.html file to minimize the risk of exploitation. Avoid using the `rurl` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Irola My-Time (aka Timesheet) version 3.5 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `login` (also known as `Username`) and `password` parameters in the login.asp file. **Recommendations** For Irola My-Time (aka Timesheet) version 3.5, consider restricting access to the login.asp file until a patch is available. As a temporary workaround, avoid using the `login` and `password` parameters in the login.asp file to minimize the risk of exploitation.