Blackhawk

**Name of the Vulnerable Software and Affected Versions** Podcast Generator versions 1.1 and earlier **Description** The issue allows remote authenticated administrators to inject arbitrary PHP code into config.php via the `recent` parameter in a config change action. This is a static code injection issue in the index.php file. **Recommendations** For Podcast Generator versions 1.1 and earlier, consider restricting access to the config change action until a patch is available. As a temporary workaround, avoid using the `recent` parameter in the affected config change action to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Podcast Generator versions 1.1 and earlier **Description** The issue allows remote attackers to delete arbitrary files due to improper access restriction to administrative functions. This can be achieved via the `file` parameter. **Recommendations** For Podcast Generator versions 1.1 and earlier, restrict access to the core/admin/delete.php file to prevent unauthorized deletion of files. As a temporary workaround, consider disabling the delete functionality in the administrative interface until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** Evilsentinel versions 1.0.9 and earlier **Description** The issue allows remote attackers to gain administrative privileges and make arbitrary configuration changes due to a problem in the admin/index.php file, which sends a redirect to the web browser but does not exit. **Recommendations** For versions 1.0.9 and earlier, update to a version that fixes this issue to prevent administrative privilege escalation and arbitrary configuration changes.

Name of the Vulnerable Software and Affected Versions: LightBlog version 8.4.1.1 Description: The issue concerns a lack of proper credential checking in the `cp memberedit.php` file, allowing remote authenticated users to elevate the privileges of any account. Recommendations: For LightBlog version 8.4.1.1, consider restricting access to the `cp memberedit.php` file until a proper fix is applied, to prevent unauthorized privilege escalation.

**Name of the Vulnerable Software and Affected Versions** MyCMS versions 0.9.8 and earlier **Description** The issue allows remote attackers to gain privileges by exploiting the `admin cookie` parameter. This can be achieved by sending a post request to "admin/settings.php" that injects PHP code into `settings.inc`, which can then be executed via a direct request to "index.php". **Recommendations** For MyCMS versions 0.9.8 and earlier, as a temporary workaround, consider restricting access to the "admin/settings.php" endpoint and avoid using the `admin cookie` parameter until a fix is available.

**Name of the Vulnerable Software and Affected Versions** MyCMS versions 0.9.8 and earlier **Description** The issue allows remote attackers to inject arbitrary PHP code into specific files, which can then be included by games.php, potentially leading to code execution. This can be achieved via the `score` parameter or a login cookie. Programs that use games.php, such as snakep.php and tetrisp.php, might be affected. **Recommendations** For MyCMS versions 0.9.8 and earlier, consider disabling the inclusion of user-supplied data in games.php until a patch is available. Restrict access to the `score` parameter and login cookies to minimize the risk of exploitation. Avoid using the `score` parameter in affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MyCMS versions 0.9.8 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `id` parameter in the games.php file. **Recommendations** For MyCMS versions 0.9.8 and earlier, consider restricting access to the games.php file until a patch is available. Avoid using the `id` parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Solar Empire versions 2.9.1.1 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the User-Agent HTTP header in the game listing.php file. **Recommendations** For versions 2.9.1.1 and earlier, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the game listing.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: RevokeBB versions 1.0 RC4 and earlier Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `revokebb user` cookie. Recommendations: For RevokeBB versions 1.0 RC4 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Inout Meta Search Engine (affected versions not specified) Description: The issue concerns a certain admin script in the software that fails to exit when administrative credentials are missing. This allows remote attackers to inject arbitrary PHP code. The exploitation can be demonstrated by sending a request to "admin/create engine.php" followed by a request to "admin/generate tabs.php". Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AlstraSoft E-Friends versions 4.21 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `pack` parameter in a "paypal" action for "index.php". **Recommendations** For versions 4.21 and earlier, consider restricting access to the "paypal" action in "index.php" to minimize the risk of exploitation until a patch is available. Avoid using the `pack` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** AlstraSoft Template Seller Pro versions 3.25 and earlier **Description** The issue allows remote attackers to inject a credential variable setting and obtain administrative access. This is possible because when administrative credentials are missing, the software sends a redirect to the web browser but does not exit. Attackers can exploit this via a direct request to "admin/changeinfo.php". **Recommendations** For versions 3.25 and earlier, consider disabling access to the "admin/changeinfo.php" endpoint until a fix is available. Restrict administrative access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** AlstraSoft Live Support version 1.21 **Description** The issue allows remote attackers to obtain administrative access. This is possible because when administrative credentials are missing, the software sends a redirect to the web browser but does not exit. Attackers can exploit this by making a direct request to the "admin/managesettings.php" endpoint. **Recommendations** For AlstraSoft Live Support version 1.21, consider restricting access to the "admin/managesettings.php" endpoint until a fix is available. As a temporary workaround, ensure that administrative credentials are always provided to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** AlstraSoft Template Seller Pro versions 3.25 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via an unrestricted file upload vulnerability. This is achieved by uploading an arbitrary .php filename in the `zip` parameter, which is then created under the sptemplates/ directory. **Recommendations** For versions 3.25 and earlier, consider disabling the file upload functionality in admin/addsptemplate.php until a patch is available. Restrict access to the sptemplates/ directory to minimize the risk of exploitation. Avoid using the `zip` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** phpMyNewsletter versions 0.8 beta5 and earlier **Description** The issue allows remote attackers to compose and send an e-mail message by exploiting a flaw in the admin/send mod.php file. This is possible when administrative credentials are missing, and the script prints a Location header but does not exit. Attackers can send a post request with the `subject`, `message`, `format`, and `list id` fields to compose the message, and then send it via a direct request for the `MsgId` value under the admin directory, specifically the "/admin/" endpoint. **Recommendations** For phpMyNewsletter versions 0.8 beta5 and earlier, as a temporary workaround, consider restricting access to the admin/send mod.php file until a patch is available. Additionally, restrict the use of the `subject`, `message`, `format`, and `list id` fields in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpMyNewsletter versions 0.8 beta5 and earlier **Description** The issue allows remote attackers to cause a denial of service, resulting in the loss of configuration data, and possibly perform direct static code injection. This is achieved through accessing configuration modification before login via a 'saveGlobalconfig' action in the 'admin/index.php' file. **Recommendations** For phpMyNewsletter versions 0.8 beta5 and earlier, as a temporary workaround, consider restricting access to the 'admin/index.php' file to prevent unauthorized configuration modifications until a fix is available. Avoid using the 'saveGlobalconfig' action in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MyBlog versions 0.9.8 and earlier **Description** A direct static code injection issue allows remote authenticated admin users to inject arbitrary PHP code via the `content` parameter in admin/settings.php, which can be executed by accessing "index.php". **Recommendations** For MyBlog versions 0.9.8 and earlier, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** InoutMailingListManager versions 3.1 and earlier **Description** The issue allows remote attackers to access certain restricted functionality and upload and execute arbitrary PHP code by setting an arbitrary admin cookie. **Recommendations** For InoutMailingListManager versions 3.1 and earlier, update to a version later than 3.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** InoutMailingListManager versions 3.1 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `id` parameter to "changename.php" and potentially other unspecified vectors. **Recommendations** For InoutMailingListManager versions 3.1 and earlier, update to a version later than 3.1 to resolve the issue. As a temporary workaround, consider restricting access to the "changename.php" endpoint and avoid using the `id` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** InoutMailingListManager versions 3.1 and earlier **Description** The issue allows remote attackers to access certain restricted functionality and upload and execute arbitrary PHP code by ignoring a Location redirect header sent after an authorization check fails. **Recommendations** For InoutMailingListManager versions 3.1 and earlier, update to a version that properly exits after an authorization check fails to prevent access to restricted functionality and arbitrary code execution.