Co2

**Name of the Vulnerable Software and Affected Versions** DotContent FluentCMS versions 4.x **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `sid` parameter in the "view.php" file. **Recommendations** For DotContent FluentCMS versions 4.x, consider restricting access to the `sid` parameter in the view.php file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Joomla! and Mambo com webhosting module versions prior to 1.1 RC7 **Description** A SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `catid` parameter in the "index.php" endpoint. **Recommendations** For versions prior to 1.1 RC7, update to version 1.1 RC7 or later to resolve the issue. As a temporary workaround, consider restricting access to the `catid` parameter in the "index.php" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FlippingBook (com flippingbook) version 1.0.4 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `book id` parameter in the index.php file of the FlippingBook component for Joomla. **Recommendations** For version 1.0.4, avoid using the `book id` parameter in the index.php file until a fix is available. As a temporary workaround, consider restricting access to the index.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Lasernet CMS versions 1.5 through 1.11 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is possible when the `magic quotes gpc` setting is disabled. The vulnerability can be exploited via the `new` parameter in a `new` action. **Recommendations** For Lasernet CMS versions 1.5 through 1.11, consider disabling the `new` action in the `index.php` file until a patch is available. Restrict access to the `new` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** XplodPHP AutoTutorials versions 2.1 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is possible when the `magic quotes gpc` setting is disabled. The `id` parameter is used for the exploitation. **Recommendations** For versions 2.1 and earlier, consider disabling the `viewcat.php` script until a patch is available, and ensure that the `magic quotes gpc` setting is enabled to prevent exploitation. Restrict access to the `id` parameter in the affected script to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** AlphaContent (com alphacontent) version 2.5.8 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in a view action to "index.php". **Recommendations** For version 2.5.8, consider restricting access to the vulnerable component until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected "index.php" endpoint.