Xoron

**Name of the Vulnerable Software and Affected Versions** Joomla! VehicleManager component version 1.0 Basic **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig absolute path` parameter in the toolbar ext.php file. This can be exploited by sending a malicious URL to the vulnerable component. **Recommendations** For version 1.0 Basic, consider disabling the `toolbar ext.php` file or restricting access to it until a patch is available. Avoid using the `mosConfig absolute path` parameter in the affected component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! component com realestatemanager version 1.0 Basic **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig absolute path` parameter in the toolbar ext.php file of the RealEstateManager component. **Recommendations** For version 1.0 Basic, consider restricting access to the `toolbar ext.php` file until a patch is available. Avoid using the `mosConfig absolute path` parameter in the affected component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** phPortal version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the topicler.php file. **Recommendations** For phPortal version 1.0, consider restricting access to the topicler.php file until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: AdaptBB version 1.0 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `forumspath` parameter when `register globals` is enabled. This can be exploited by sending a malicious URL to the vulnerable endpoint. Recommendations: For AdaptBB version 1.0, consider disabling the `register globals` setting to prevent exploitation until a patch is available. Additionally, restrict access to the `latestposts.php` file to minimize the risk of arbitrary PHP code execution.

**Name of the Vulnerable Software and Affected Versions** WEBalbum version 2.4b **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter in the "photo.php" file. **Recommendations** For WEBalbum version 2.4b, consider restricting access to the `id` parameter in the "photo.php" file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** NetArt Media Car Portal version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `username` and `password` parameters in the login feature. **Recommendations** For NetArt Media Car Portal version 1.0, consider restricting access to the login feature until a patch is available. As a temporary workaround, avoid using the `username` and `password` parameters in the login endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PHP-Nuke Manuales module version 0.1 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `cid` parameter in a "viewdownload" action to "modules.php". **Recommendations** For PHP-Nuke Manuales module version 0.1, avoid using the `cid` parameter in the "viewdownload" action to "modules.php" until the issue is resolved. As a temporary workaround, consider restricting access to the "modules.php" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHP-Nuke Okul module version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `okulid` parameter in an "okullar" action within the modules.php file. **Recommendations** For PHP-Nuke Okul module version 1.0, avoid using the `okulid` parameter in the affected API endpoint until the issue is resolved. Consider restricting access to the vulnerable modules.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHP-Nuke EasyContent module (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `page id` parameter in the modules.php file of the EasyContent module. **Recommendations** For the EasyContent module, consider restricting access to the `page id` parameter in the modules.php file until a patch is available. As a temporary workaround, avoid using the `page id` parameter in the affected module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpBBViet versions 02.03.07 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `phpbb root path` parameter in the includes/functions mod user.php file. **Recommendations** For versions 02.03.07 and earlier, consider restricting access to the `includes/functions mod user.php` file until a patch is available. Avoid using the `phpbb root path` parameter in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: KwsPHP mg2 module version 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `album` parameter in the index.php file of the mg2 1.0 module. Recommendations: For KwsPHP mg2 module version 1.0, consider restricting access to the `album` parameter in the index.php file until a patch is available. Avoid using the `album` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: com colorlab (aka com color) version 1.0 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig live site` parameter in the admin.color.php file. Recommendations: For com colorlab (aka com color) version 1.0, consider restricting access to the admin.color.php file until a patch is available. As a temporary workaround, avoid using the `mosConfig live site` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IntegraMOD Nederland version 1.4.2 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `phpbb root path` parameter in the includes/archive/archive topic.php file. **Recommendations** For IntegraMOD Nederland version 1.4.2, avoid using the `phpbb root path` parameter in the includes/archive/archive topic.php file until a fix is available. Restrict access to the archive topic.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** phpBB Minerva mod versions 2.0.21 build 238a and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `c` parameter in the forum.php file. **Recommendations** For versions 2.0.21 build 238a and earlier, update to a version later than 2.0.21 build 238a to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** phpBB Extreme version 3.0.1 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `phpbb root path` parameter in the functions.php file. **Recommendations** For version 3.0.1, consider restricting access to the `phpbb root path` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Aktueldownload Haber script (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the HaberDetay.asp file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Snitz Forums 2000 version 3.1 SR4 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "pop profile.asp" file. Recommendations: For Snitz Forums 2000 version 3.1 SR4, avoid using the `id` parameter in the "pop profile.asp" file until the issue is resolved. As a temporary workaround, consider restricting access to the "pop profile.asp" file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Philboard versions 1.14 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `forumid` parameter in the "philboard forum.asp" file. Recommendations: For Philboard versions 1.14 and earlier, consider restricting access to the `forumid` parameter in the philboard forum.asp file until a patch is available. Avoid using the `forumid` parameter in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Categories hierarchy (aka CH or mod-CH) version 2.1.2 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `phpbb root path` parameter in the includes/class template.php file. Recommendations: For version 2.1.2, avoid using the `phpbb root path` parameter in the affected includes/class template.php file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** phpBB++ Build 100 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `phpbb root path` parameter in the includes/functions.php file. **Recommendations** For phpBB++ Build 100, update the includes/functions.php file to properly validate and sanitize the `phpbb root path` parameter to prevent remote file inclusion attacks. As a temporary workaround, consider restricting access to the includes/functions.php file until a patch is available.