Vds_S

**Name of the Vulnerable Software and Affected Versions** com beamospetition version 1.0.12 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `mpid` parameter in a sign action to "index.php". **Recommendations** For version 1.0.12, consider restricting access to the "index.php" endpoint or avoiding the use of the `mpid` parameter in sign actions until a fix is available.

**Name of the Vulnerable Software and Affected Versions** com beamospetition version 1.0.12 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `pet` parameter in a "sign" action. This can occur in the index.php file of the com beamospetition component for Joomla!. **Recommendations** For version 1.0.12, consider restricting access to the vulnerable `pet` parameter in the index.php file until a patch is available. As a temporary workaround, avoid using the `pet` parameter in the affected API endpoint until the issue is resolved.