Toxic350

**Name of the Vulnerable Software and Affected Versions** phpAutoVideo versions 2.21 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `loadpage` parameter. This is a different vector than previously identified issues. **Recommendations** For versions 2.21 and earlier, update to a version later than 2.21 to resolve the issue. As a temporary workaround, consider restricting access to the `loadpage` parameter in the affected `sidebar.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** KwsPHP version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in a 'results' action within the 'sondages' module of the affected software. **Recommendations** For KwsPHP version 1.0, consider restricting access to the `id` parameter in the 'results' action of the 'sondages' module to minimize the risk of exploitation. Avoid using the `id` parameter in the affected module until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: PHP Webquest versions 2.5 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id actividad` parameter in the soporte derecha w.php file. Recommendations: For PHP Webquest versions 2.5 and earlier, update to a version later than 2.5 to resolve the issue. As a temporary workaround, consider restricting access to the `id actividad` parameter in the soporte derecha w.php file to minimize the risk of exploitation.