Black-Code

**Name of the Vulnerable Software and Affected Versions** Chipmunk directory (affected versions not specified) **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `start` parameter in the directory/index.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mambo Gallery Manager (MGM) versions 0.95r2 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig absolute path` parameter in the administrator/components/com mgm/help.mgm.php file. **Recommendations** For Mambo Gallery Manager (MGM) versions 0.95r2 and earlier, avoid using the `mosConfig absolute path` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Diesel Joke Site (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter in the "category.php" file. This can lead to unauthorized access and manipulation of database content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** saphplesson version 2.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `forumid` parameter in "add.php" and the `lessid` parameter in "show.php". **Recommendations** For version 2.0, consider restricting access to the `add.php` and `show.php` scripts until a patch is available. As a temporary workaround, avoid using the `forumid` and `lessid` parameters in the affected API endpoints.

**Name of the Vulnerable Software and Affected Versions** Chipmunk guestbook (affected versions not specified) **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This can be achieved via the `start` parameter in `index.php`, the `forumID` parameter in `index.php`, `newtopic.php`, and `reply.php`, and the `ID` parameter in `edit.php`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.