Xprog

**Name of the Vulnerable Software and Affected Versions** Vastal I-Tech Software Zone (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cat id` parameter in the view product.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `photo id` parameter in the "index.php" file. **Recommendations** For version 1.0, avoid using the `photo id` parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "index.php" file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Comdev News Publisher version 4.1.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `arcmonth` parameter in the home.news.php file. **Recommendations** For Comdev News Publisher version 4.1.2, consider restricting access to the `arcmonth` parameter in the home.news.php file until a patch is available. As a temporary workaround, avoid using the `arcmonth` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Scriptsagent.com Links Directory version 1.1 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `cat id` parameter in a list action in the links.php file. **Recommendations** For version 1.1, avoid using the `cat id` parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the links.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Prozilla Top 100 version 1.2 **Description** The issue allows remote authenticated users to delete statistics and accounts of arbitrary users. This is achieved by modifying the `s` parameter in the "delete.php" file. **Recommendations** For Prozilla Top 100 version 1.2, restrict access to the "delete.php" file to prevent unauthorized modifications to the `s` parameter until a fix is available. As a temporary workaround, consider implementing authentication and authorization checks to ensure only authorized users can delete statistics and accounts.

**Name of the Vulnerable Software and Affected Versions** Prozilla Entertainers versions 1.1 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cat` parameter in the "directory.php" file. **Recommendations** For Prozilla Entertainers versions 1.1 and earlier, consider restricting access to the `directory.php` file until a patch is available. As a temporary workaround, avoid using the `cat` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) version 1.0 **Description** The issue allows context-dependent attackers to obtain sensitive information because passwords are stored in cleartext in a MySQL database. **Recommendations** For Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) version 1.0, consider implementing password hashing to securely store user credentials, and restrict access to the MySQL database to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** QT-cute QuickTalk Forum versions 1.6 and earlier **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. The issue is exploited via the `id` parameter in the "qtf ind search ov.php" file. **Recommendations** For QT-cute QuickTalk Forum versions 1.6 and earlier, avoid using the `id` parameter in the vulnerable "qtf ind search ov.php" file until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** phpBB Filebase mod (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in the filebase.php file. **Recommendations** For the affected version, consider restricting access to the filebase.php file until a patch is available. As a temporary workaround, avoid using the `id` parameter in the vulnerable filebase.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AlstraSoft Forum Pay Per Post Exchange version 2.0 **Description** The issue allows attackers to access user accounts more easily because passwords are stored in cleartext. **Recommendations** For version 2.0, update the software to store passwords securely, such as using a hashing algorithm, to prevent unauthorized access to user accounts.

**Name of the Vulnerable Software and Affected Versions** PHP Real Estate Classifieds (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the fullnews.php file. **Recommendations** For PHP Real Estate Classifieds, consider restricting access to the fullnews.php file until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Ace Image Hosting Script (affected versions not specified) **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `id` parameter in 'editalbum' mode in the albums.php file. **Recommendations** For Ace Image Hosting Script, consider restricting access to the albums.php file until a patch is available, and avoid using the `id` parameter in 'editalbum' mode to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DWdirectory versions 2.1 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `search` parameter to the "/search" URI. This could potentially lead to unauthorized access or manipulation of database content. **Recommendations** For DWdirectory versions 2.1 and earlier, consider restricting access to the "/search" URI or disabling the `search` parameter until a patch is available. Additionally, limiting database privileges to the minimum required for the application can help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HotScripts Clone Script (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the software-description.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** datecomm Social Networking Script (aka Myspace Clone Script) (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `seid` parameter in a `viewcat` action on the forums page of the `index.php` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Prozilla Webring (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `cat` parameter in the "category.php" file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Prozilla Pub Site Directory (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `cat` parameter in the "directory.php" file. This can be exploited by sending malicious input to the vulnerable parameter, potentially leading to unauthorized data access or modification. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PHP123 Top Sites (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cat` parameter in the category.php file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Prozilla Adult Directory (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cat id` parameter in a list action in the directory.php file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: BlogSite Professional (aka Blog System) version 1.x Description: The issue allows remote attackers to execute arbitrary SQL commands via the `news id` parameter in the index.php file. Recommendations: For BlogSite Professional (aka Blog System) version 1.x, avoid using the `news id` parameter in the affected index.php file until the issue is resolved.