
Xenduer77

#17950 of 53,635
15 CVSS total
Vulnerabilities · 2
High
2
PT-2007-4886
7.5
2007-07-10
Gamesitescript · Gamesitescript · CVE-2007-3631
**Name of the Vulnerable Software and Affected Versions**
GameSiteScript (gss) versions 3.1 and earlier

**Description**
The issue is related to a SQL injection vulnerability in the index.php file. This vulnerability allows remote attackers to execute arbitrary SQL commands via the `params` parameter, specifically due to missing input validation of the `id` field.

**Recommendations**
For GameSiteScript (gss) versions 3.1 and earlier, consider validating user input for the `id` field in the `params` parameter to prevent SQL injection attacks. As a temporary workaround, restrict access to the index.php file until a proper fix is applied.

PT-2007-4898
7.5
2007-07-10
Flashgamescript · Flashgamescript · CVE-2007-3646
**Name of the Vulnerable Software and Affected Versions**
FlashGameScript versions 1.7 and earlier

**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `user` parameter in a 'member' action.

**Recommendations**
For FlashGameScript versions 1.7 and earlier, update to a version later than 1.7 to resolve the issue. As a temporary workaround, consider restricting access to the 'member' action in index.php to minimize the risk of exploitation. Avoid using the `user` parameter in the affected endpoint until the issue is resolved.