0X1Ceking

**Name of the Vulnerable Software and Affected Versions** Libro de Reclamaciones y Quejas versions 0.9 and earlier **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For versions 0.9 and earlier, as a temporary workaround, consider restricting access to sensitive database operations until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cnilsson iCafe Library versions 1.8.3 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For versions 1.8.3 and earlier, update to a version that fixes the SQL Injection issue. As a temporary workaround, consider restricting access to sensitive database operations to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Mad Mimi for WordPress versions 1.5.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page. Recommendations: For Mad Mimi for WordPress versions 1.5.1 and earlier, update to a version that contains a fix for this issue, as the current version is affected by the Stored XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Absolute Links versions n/a through 1.1.1 Description: The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQL Command. This allows for Blind SQL Injection, which can be exploited. Recommendations: For versions n/a through 1.1.1, consider restricting access to sensitive database queries until a patch is available. As a temporary workaround, avoid using user-supplied input in SQL commands to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: andreyk Remote Images Grabber versions 0.6 and earlier Description: The issue affects andreyk Remote Images Grabber, allowing Reflected XSS due to improper neutralization of input during web page generation. This can lead to cross-site scripting attacks. Recommendations: For andreyk Remote Images Grabber versions 0.6 and earlier, consider disabling the web page generation feature until a patch is available to prevent Reflected XSS attacks. Restrict access to user-inputted data in web pages to minimize the risk of exploitation. Avoid using user-inputted data in web page generation until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: proxymis Interview versions n/a through 1.01 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows attackers to inject malicious SQL code, potentially leading to unauthorized access or manipulation of data. Recommendations: For versions n/a through 1.01, ensure that input validation and sanitization are properly implemented to prevent malicious SQL code injection. As a temporary workaround, consider restricting access to sensitive database operations until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Remote Images Grabber plugin for WordPress versions up to, and including, 0.6 **Description** The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 0.6, consider updating to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** AI Mortgage Calculator versions n/a through 1.0.1 **Description** The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion. This is a type of security vulnerability that can occur when a web application uses user-input data to include files without proper validation, potentially allowing an attacker to access sensitive files on the server. **Recommendations** For AI Mortgage Calculator versions n/a through 1.0.1, consider restricting access to the include/require statements to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the vulnerable PHP functions that allow file inclusion until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.