Cr3W-Dz

**Name of the Vulnerable Software and Affected Versions** CMScout version 2.0.8 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `album` parameter in a "photos" action in the index.php file. **Recommendations** For CMScout version 2.0.8, consider restricting access to the `album` parameter in the index.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the `album` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Alibaba Clone B2B version 3.4 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. The issue is related to the `es id` parameter in the countrydetails.php file. **Recommendations** For version 3.4, consider restricting access to the countrydetails.php file or the `es id` parameter to minimize the risk of exploitation. Avoid using the `es id` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Internet DM WebDM CMS (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `cf id` parameter in the cont form.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PTCPay GeN3 forum version 1.3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cat` parameter in the main forum.php file. **Recommendations** For version 1.3, avoid using the `cat` parameter in the main forum.php file until a fix is available. Consider restricting access to the main forum.php file to minimize the risk of exploitation.