Xados

**Name of the Vulnerable Software and Affected Versions** MD-Pro versions 1.083.x **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `pollID` parameter in a results action to the "modules.php" endpoint. **Recommendations** For MD-Pro version 1.083.x, avoid using the `pollID` parameter in the affected "modules.php" endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Xpoze Pro version 4.10 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `menu` parameter in the home.html file. Recommendations: For Xpoze Pro version 4.10, consider restricting access to the `menu` parameter in the home.html file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ToursManager (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary SQL commands via the `tourid` parameter in the tourview.php file. This can lead to unauthorized access and manipulation of database content. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: RakhiSoftware Price Comparison Script (aka Shopping Cart) (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `subcategory id` parameter in the product.php file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! BazaarBuilder Ecommerce Shopping Cart (com prod) version 5.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `cid` parameter in a "products" action to "index.php". This can lead to unauthorized access and manipulation of database content. **Recommendations** For version 5.0, avoid using the `cid` parameter in the "products" action to "index.php" until a fix is available. As a temporary workaround, consider restricting access to the "index.php" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CMS ISWEB version 3.0 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `id sezione` parameter in the index.php file. **Recommendations** For CMS ISWEB version 3.0, avoid using the `id sezione` parameter in the index.php file until a fix is available. Consider implementing input validation and sanitization for the `id sezione` parameter to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** CMS ISWEB version 3.0 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `strcerca` parameter or the `id oggetto` parameter in index.php, potentially leading to cross-site scripting (XSS) attacks. **Recommendations** For CMS ISWEB version 3.0, consider restricting input for the `strcerca` and `id oggetto` parameters to prevent arbitrary web script or HTML injection until a patch is available. As a temporary workaround, restrict access to the index.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PaxGallery (com paxgallery) component version 0.1 for Joomla! **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `gid` parameter in a `table` action to `index.php`. **Recommendations** For PaxGallery (com paxgallery) component version 0.1, avoid using the `gid` parameter in the affected `index.php` endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Post Affiliate Pro versions 3 through 3.1.4 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `umprof status` parameter in the merchants/index.php file. **Recommendations** For Post Affiliate Pro versions 3 through 3.1.4, avoid using the `umprof status` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Jamit Job Board version 3.4.10 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. The issue is related to the `show emp` parameter in the "index.php" file. **Recommendations** For Jamit Job Board version 3.4.10, consider restricting access to the `show emp` parameter in the "index.php" file until a patch is available.