~!Dok_Tor!~

**Name of the Vulnerable Software and Affected Versions** iFdate versions 2.0.3 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `name` field in the `members search.php` file. **Recommendations** For versions 2.0.3 and earlier, update to a version later than 2.0.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Discussion Forums 2k version 3.3 **Description** The issue allows remote attackers to execute arbitrary SQL commands due to multiple SQL injection vulnerabilities. This is possible when the magic quotes gpc setting is disabled. The vulnerabilities can be exploited through specific parameters in various PHP files, including the `CatID` parameter in "RSS1.php" and "RSS2.php" and the `SubID` parameter in "RSS5.php". **Recommendations** For Discussion Forums 2k version 3.3, consider disabling the `magic quotes gpc` setting to prevent SQL injection attacks. Additionally, as a temporary workaround, restrict access to the vulnerable parameters `CatID` and `SubID` in the affected PHP files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** BMForum version 5.6 **Description** A SQL injection issue exists due to insufficient input validation in the plugins.php file when magic quotes gpc is disabled. This allows remote attackers to execute arbitrary SQL commands by manipulating the `tagname` parameter in a specific API endpoint. **Recommendations** For BMForum version 5.6, consider disabling the `tagname` parameter or restricting access to the plugins.php file until a patch is available. Additionally, enabling magic quotes gpc can help mitigate this issue.

**Name of the Vulnerable Software and Affected Versions** Noname CMS version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is possible via the `file id` parameter in a "detailansicht" action and the `kategorie` parameter in a "kategorien" action when `magic quotes gpc` is disabled. **Recommendations** For Noname CMS version 1.0, consider disabling the `detailansicht` and `kategorien` actions until a patch is available, or restrict access to these actions to minimize the risk of exploitation. Additionally, enable `magic quotes gpc` to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** BuzzyWall versions 1.3.1 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is possible when the `magic quotes gpc` setting is disabled. The vulnerability can be exploited via the `search` parameter in the "search.php" file. **Recommendations** For BuzzyWall versions 1.3.1 and earlier, consider disabling the search functionality in search.php until a patch is available, or enable the `magic quotes gpc` setting to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** E-Uploader Pro version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands when magic quotes gpc is disabled. This can be achieved via the `id` parameter to various API endpoints such as "img.php", "file.php", "mail.php", "thumb.php", "zip.php", and "zipit.php", and the `view` parameter to "browser.php". **Recommendations** For E-Uploader Pro version 1.0, consider disabling the execution of SQL commands from user input until a patch is available. Restrict access to the `id` parameter in the affected API endpoints and the `view` parameter in "browser.php" to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Pro Chat Rooms version 3.0.3 **Description** The issue allows remote attackers to execute arbitrary SQL commands when the `magic quotes gpc` setting is disabled. This can be achieved by manipulating the `gud` parameter in specific API endpoints, such as profiles/index.php and profiles/admin.php. **Recommendations** For Pro Chat Rooms version 3.0.3, consider disabling the `gud` parameter in the affected API endpoints until a patch is available. Additionally, enabling the `magic quotes gpc` setting can help mitigate this issue. Restrict access to the profiles/index.php and profiles/admin.php endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joovili versions 3.0 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands when the `magic quotes gpc` setting is disabled. This can be achieved by manipulating the `id` parameter in various API endpoints, including "view.blog.php", "view.event.php", "view.group.php", "view.music.php", "view.picture.php", and "view.video.php". **Recommendations** For Joovili versions 3.0 and earlier, consider disabling the `id` parameter in the affected API endpoints until a patch is available. Restrict access to the vulnerable endpoints to minimize the risk of exploitation. As a temporary workaround, enable the `magic quotes gpc` setting to prevent SQL injection attacks.

Name of the Vulnerable Software and Affected Versions: Fastpublish CMS version 1.9999 d Description: The issue concerns multiple directory traversal vulnerabilities. These vulnerabilities allow remote attackers to include and execute arbitrary local files. The attack can be performed by including a .. (dot dot) in the `target` parameter to API endpoints such as "index2.php" and "index.php". Recommendations: For Fastpublish CMS version 1.9999 d, as a temporary workaround, consider restricting access to the `index2.php` and `index.php` API endpoints until a patch is available. Avoid using the `target` parameter in these endpoints to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Fastpublish CMS version 1.9.9.9.9 d (1.9999 d) Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `sprache` parameter to "index2.php" and the `artikel` parameter to "index.php". Recommendations: For Fastpublish CMS version 1.9.9.9.9 d (1.9999 d), consider restricting access to the `index2.php` and `index.php` endpoints until a patch is available. As a temporary workaround, avoid using the `sprache` and `artikel` parameters in the affected API endpoints.

Name of the Vulnerable Software and Affected Versions: Kasseler CMS versions 1.1.0 through 1.2.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters, including the `nid` parameter to "index.php" in a View action to the News module, the `vid` parameter to "index.php" in a Result action to the Voting module, the `fid` parameter to "index.php" in a ShowForum action to the Forum module, the `tid` parameter to "index.php" in a ShowTopic action to the Forum module, the `uname` parameter to "index.php" in a UserInfo action to the Account module, or the `module` parameter to "index.php", which is probably related to the TopSites module. Recommendations: For Kasseler CMS version 1.1.0, update to a version that fixes the SQL injection vulnerabilities. For Kasseler CMS version 1.2.0, update to a version that fixes the SQL injection vulnerabilities. As a temporary workaround, consider restricting access to the vulnerable modules, such as the News, Voting, Forum, and Account modules, until a patch is available. Avoid using the parameters `nid`, `vid`, `fid`, `tid`, `uname`, and `module` in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** CustomCms (CCMS) Gaming Portal version 4.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is possible due to a SQL injection vulnerability in the print.php file when the magic quotes gpc setting is disabled. The vulnerability can be exploited via the `id` parameter. **Recommendations** For CustomCms (CCMS) Gaming Portal version 4.0, consider disabling the print.php file or restricting access to it until a patch is available. Additionally, enabling magic quotes gpc can help mitigate the risk of SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** YourOwnBux versions 3.1 through 3.2 beta **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is possible when the `magic quotes gpc` setting is disabled. The `user` parameter is vulnerable to SQL injection. **Recommendations** For YourOwnBux versions 3.1 through 3.2 beta, consider enabling the `magic quotes gpc` setting to prevent SQL injection attacks via the `user` parameter. As a temporary workaround, restrict access to the `memberstats.php` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** phpMyRealty versions 1.0.9 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `id` parameter in "pages.php" and the `price max` parameter in "search.php". **Recommendations** For phpMyRealty versions 1.0.9 and earlier, consider restricting access to the `pages.php` and `search.php` scripts until a patch is available. As a temporary workaround, avoid using the `id` and `price max` parameters in the affected API endpoints.

**Name of the Vulnerable Software and Affected Versions** MiaCMS version 4.6.5 **Description** The issue concerns SQL injection vulnerabilities in the com content component. Remote attackers can execute arbitrary SQL commands by manipulating the `id` parameter in various actions, including view, category, or blogsection actions, to the "index.php" endpoint. **Recommendations** For MiaCMS version 4.6.5, consider restricting access to the `id` parameter in the com content component to minimize the risk of exploitation. As a temporary workaround, avoid using the `id` parameter in the affected actions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PICTURESPRO Photo Cart version 3.9 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is possible due to multiple SQL injection vulnerabilities when magic quotes gpc is disabled. The vulnerable parameters are `qtitle`, `qid`, and `qyear` in the "search.php" endpoint, and `email` and `password` in the " login.php" endpoint. **Recommendations** For PICTURESPRO Photo Cart version 3.9, consider disabling the magic quotes gpc option or restricting access to the "search.php" and " login.php" endpoints until a patch is available. As a temporary workaround, avoid using the `qtitle`, `qid`, `qyear`, `email`, and `password` parameters in the affected endpoints.

**Name of the Vulnerable Software and Affected Versions** Web Directory Script versions 2.0 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `name` parameter in the listing view.php file. **Recommendations** For Web Directory Script versions 2.0 and earlier, consider restricting access to the `name` parameter in the listing view.php file until a patch is available. As a temporary workaround, avoid using the `name` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Matterdaddy Market version 1.1 **Description** The issue concerns SQL injection vulnerabilities in the index.php file of Matterdaddy Market. When the magic quotes gpc setting is disabled, remote attackers can execute arbitrary SQL commands by manipulating the `category` and `type` parameters. **Recommendations** For Matterdaddy Market version 1.1, consider disabling the `category` and `type` parameters in the index.php file until a patch is available, or enable the magic quotes gpc setting to prevent SQL injection attacks.