
!-Bugjack-!

#21167 of 53,640
11.8 CVSS total
Vulnerabilities · 2
Medium: 1
High: 1
PT-2009-2802
7.5
2009-01-09
Ezpack · Ezpack · CVE-2009-0104
**Name of the Vulnerable Software and Affected Versions**

EZpack version 4.2b2

**Description**

The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `qType` parameter in a "webboard prog" action.

**Recommendations**

For EZpack version 4.2b2, avoid using the `qType` parameter in the "webboard prog" action until a fix is available. Consider restricting access to the vulnerable `index.php` file to minimize the risk of exploitation.

PT-2009-2803
4.3
2009-01-09
Ezpack · Ezpack · CVE-2009-0105
**Name of the Vulnerable Software and Affected Versions**

EZpack version 4.2b2

**Description**

A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `mfdf` parameter in a 'prog' action in the `index.php` file.

**Recommendations**

For EZpack version 4.2b2, consider restricting access to the `mfdf` parameter in the `index.php` file to minimize the risk of exploitation. Avoid using the `mfdf` parameter in the affected API endpoint until the issue is resolved.