V3N0M

**Name of the Vulnerable Software and Affected Versions** ICloudCenter ICTimeAttendance version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `passw` parameter in the "checklogin.aspx" endpoint. **Recommendations** For ICloudCenter ICTimeAttendance version 1.0, consider restricting access to the `checklogin.aspx` endpoint until a patch is available. As a temporary workaround, avoid using the `passw` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** My Kazaam Address & Contact Organizer (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `var1` parameter in the address book/contacts.php file. This enables attackers to manipulate the database by injecting malicious SQL code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** YPNinc JokeScript (affected versions not specified) **Description** A SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `ypncat id` parameter in the index.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Best Soft Inc. (BSI) Advance Hotel Booking System version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `page` parameter in the "index1.php" file. **Recommendations** For Best Soft Inc. (BSI) Advance Hotel Booking System version 1.0, consider validating and sanitizing the `page` parameter to prevent SQL injection attacks. As a temporary workaround, restrict access to the "index1.php" file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Webmatic (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `p` parameter in the "index.php" endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Maian Media Silver (com maianmedia) component for Joomla (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `cat` parameter in a music action to the "index.php" endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! component com jotloader version 2.2.1 **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using directory traversal sequences in the `section` parameter to the "index.php" endpoint. **Recommendations** For version 2.2.1, consider restricting access to the `com jotloader` component until a patch is available. As a temporary workaround, avoid using the `section` parameter in the "index.php" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PageDirector CMS (affected versions not specified) **Description** A SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `sub catid` parameter in the result.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! component com gamesbox version 1.0.2 and possibly earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in a consoles action to "index.php". **Recommendations** For version 1.0.2 and possibly earlier, avoid using the `id` parameter in the consoles action to "index.php" until the issue is resolved. Consider restricting access to the consoles action as a temporary workaround to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** AdaptCMS versions 2.0.0 Beta through 2.0.1 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `sitepath` parameter when `register globals` is enabled. This is due to a PHP remote file inclusion vulnerability in `inc/smarty/libs/init.php`. **Recommendations** For AdaptCMS version 2.0.0 Beta, consider disabling the `register globals` setting to mitigate the risk of exploitation. For AdaptCMS version 2.0.1, consider disabling the `register globals` setting to mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Debliteck DBCart (affected versions not specified) **Description** A SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "article.php" file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AJ Shopping Cart version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `maincatid` parameter in a "showmaincatlanding" action in the "index.php" file. **Recommendations** For AJ Shopping Cart version 1.0, consider restricting access to the `maincatid` parameter in the "index.php" file to minimize the risk of exploitation. Avoid using the `maincatid` parameter in the affected action until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** B2B Gold Script (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the product.html file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EC21 Clone version 3.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the offers buy.php file. **Recommendations** For EC21 Clone version 3.0, update the offers buy.php file to properly sanitize the `id` parameter to prevent SQL injection attacks. As a temporary workaround, consider restricting access to the offers buy.php file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Alibaba Clone Platinum (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter in the offers buy.php file. This can lead to unauthorized access and manipulation of database content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHP Video Battle Script (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cat` parameter in the "browse.html" file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Modelbook (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `adnum` parameter in the casting view.php file. This can be exploited by sending malicious input to the vulnerable endpoint. **Recommendations** For Modelbook, consider restricting access to the `adnum` parameter in the casting view.php file until a patch is available. As a temporary workaround, avoid using the `adnum` parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** com siirler version 1.2 RC **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `sid` parameter in an `sdetay` action to "index.php". **Recommendations** For version 1.2 RC, avoid using the `sid` parameter in the "index.php" endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** DigiFolio (com digifolio) component version 1.52 for Joomla! **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in a project action to "index.php". **Recommendations** For DigiFolio (com digifolio) component version 1.52, avoid using the `id` parameter in the affected API endpoint until the issue is resolved. Consider temporarily restricting access to the component to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Joomla! component com gameserver version 1.0 Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `id` parameter in a gamepanel action to the "index.php" endpoint. Recommendations: For version 1.0, avoid using the `id` parameter in the gamepanel action to the "index.php" endpoint until a fix is available. Consider restricting access to the com gameserver component to minimize the risk of exploitation.