Backdoor

**Name of the Vulnerable Software and Affected Versions** Pre Real Estate Listings (affected versions not specified) **Description** The issue concerns an unrestricted file upload vulnerability. This allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo. The exploitation involves accessing the uploaded file directly via a request to the file in `re images/`. **Recommendations** For all affected versions, consider restricting file uploads to only allow non-executable file extensions as a temporary mitigation measure. Restrict access to the `re images/` directory to minimize the risk of exploitation. Avoid using the profile logo upload feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Pre Real Estate Listings (affected versions not specified) Description: The issue concerns SQL injection vulnerabilities in the login.php file. Remote attackers can execute arbitrary SQL commands by manipulating the `us` parameter (also known as the Username field) or the `ps` parameter (also known as the Password field). Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** A Better Member-Based ASP Photo Gallery versions prior to 1.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `entry` parameter in the "gallery/view.asp" API endpoint. **Recommendations** For versions prior to 1.2, update to version 1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "gallery/view.asp" endpoint or validating and sanitizing the `entry` parameter to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** Camera Life version 2.6.2b4 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the album.php file. **Recommendations** For Camera Life version 2.6.2b4, avoid using the `id` parameter in the album.php file until a fix is available. As a temporary workaround, consider restricting access to the album.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Camera Life version 2.6.2b4 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `name` parameter in the topic.php file. **Recommendations** For version 2.6.2b4, avoid using the `name` parameter in the topic.php file until a fix is available. As a temporary workaround, consider validating and sanitizing user input for the `name` parameter to prevent malicious script injection.

**Name of the Vulnerable Software and Affected Versions** SAM Broadcaster samPHPweb versions 4.2.2 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `songid` parameter in the songinfo.php file. This enables attackers to manipulate the database, potentially leading to unauthorized data access or modification. **Recommendations** For versions 4.2.2 and earlier, consider restricting access to the songinfo.php file until a patch is available. As a temporary workaround, avoid using the `songid` parameter in the affected file to minimize the risk of exploitation.