Crackers_Child

**Name of the Vulnerable Software and Affected Versions** phpscripts Ranking Script (affected versions not specified) **Description** The issue allows remote attackers to bypass authentication and gain administrative access by sending an `admin` cookie with the value `ja`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BosNews version 4.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `article` parameter in the news.php file. **Recommendations** For BosNews version 4.0, consider restricting access to the news.php file until a patch is available. As a temporary workaround, avoid using the `article` parameter in the news.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** openEngine version 2.0 beta2 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `oe classpath` parameter when `register globals` is enabled. This is a different vector than previously identified issues. **Recommendations** For openEngine version 2.0 beta2, consider disabling the `register globals` setting to prevent exploitation until a patch is available. Restrict access to the `oe classpath` parameter in the `cms/classes/openengine/filepool.php` file to minimize the risk of arbitrary PHP code execution.

**Name of the Vulnerable Software and Affected Versions** PHP Jabbers Post Comment version 3.0 **Description** The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting the `PostCommentsAdmin` cookie to "logged". **Recommendations** For PHP Jabbers Post Comment version 3.0, as a temporary workaround, consider restricting access to administrative functions until a patch is available. Avoid relying solely on the `PostCommentsAdmin` cookie for authentication.

**Name of the Vulnerable Software and Affected Versions** Ayco Okul Portali (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `linkid` parameter in the "default.asp" endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FoT Video scripti version 1.1 beta **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `oyun` parameter in the "izle.asp" file. **Recommendations** For version 1.1 beta, avoid using the `oyun` parameter in the affected "izle.asp" file until the issue is resolved. As a temporary workaround, consider restricting access to the "izle.asp" file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Simple Machines phpRaider versions 1.0.6 through 1.0.7 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `pConfig auth[smf path]` parameter in the authentication/smf/smf.functions.php file. **Recommendations** For versions 1.0.6 and 1.0.7, avoid using the `pConfig auth[smf path]` parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the smf.functions.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Kubelance version 1.6.4 **Description** A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This is achieved via the `i` parameter in the `ipn.php` file. **Recommendations** For version 1.6.4, consider restricting access to the `ipn.php` file until a patch is available. As a temporary workaround, avoid using the `i` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** YourFreeWorld Apartment Search Script (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `r` parameter in the listtest.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHP-Nuke Inhalt module (affected versions not specified) **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `cid` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** beContent version 0.3.1 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the news.php file. **Recommendations** For beContent version 0.3.1, avoid using the `id` parameter in the news.php file until a fix is available. Consider restricting access to the news.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Thecus N5200Pro NAS Server (affected versions not specified) **Description** A remote file inclusion issue in the `usrgetform.html` file of the Thecus N5200Pro NAS Server allows remote attackers to execute arbitrary PHP code. This is achieved by providing a URL in the `name` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Smartscript Domain Trader version 2.0 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `id` parameter in a "viewcategory" action. **Recommendations** For version 2.0, consider restricting access to the `id` parameter in the "viewcategory" action to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iTechClassifieds version 3.0 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `CatID` parameter in the ViewCat.php file. **Recommendations** For iTechClassifieds version 3.0, consider restricting access to the ViewCat.php file or validating and sanitizing the `CatID` parameter to prevent injection of malicious scripts. As a temporary workaround, avoid using the `CatID` parameter in the affected file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** iTechClassifieds version 3.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `CatID` parameter in the ViewCat.php file. **Recommendations** For iTechClassifieds version 3.0, consider restricting access to the ViewCat.php file until a patch is available, and avoid using the `CatID` parameter in this context to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ynews (com ynews) version 1.0.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in a "showYNews" action. **Recommendations** For Ynews (com ynews) version 1.0.0, avoid using the `id` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ChronoEngine ChronoForms (com chronocontact) version 2.3.5 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig absolute path` parameter to various PHP files, including (1) PPS/File.php, (2) Writer.php, and (3) PPS.php in the excelwriter/ directory; and (4) BIFFwriter.php, (5) Workbook.php, (6) Worksheet.php, and (7) Format.php in the excelwriter/Writer/ directory. **Recommendations** For ChronoEngine ChronoForms (com chronocontact) version 2.3.5, consider disabling access to the vulnerable PHP files until a patch is available. Restrict access to the `mosConfig absolute path` parameter to minimize the risk of exploitation. Avoid using the `mosConfig absolute path` parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SNETWORKS PHP CLASSIFIEDS version 5.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `path escape` parameter in the config.inc.php file. **Recommendations** For SNETWORKS PHP CLASSIFIEDS version 5.0, consider restricting access to the config.inc.php file to minimize the risk of exploitation. Avoid using the `path escape` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** samPHPweb versions possibly 4.2.2 and others **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `commonpath` parameter in the common/db.php file, as provided with SAM Broadcaster. **Recommendations** For samPHPweb version 4.2.2, consider restricting access to the common/db.php file until a patch is available. For other affected versions of samPHPweb, avoid using the `commonpath` parameter in the common/db.php file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MatPo Bilder Galerie version 1.1 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `config[root ordner]` parameter in the includes/tumbnail.php file. **Recommendations** For MatPo Bilder Galerie version 1.1, consider restricting access to the `includes/tumbnail.php` file to minimize the risk of exploitation. Avoid using the `config[root ordner]` parameter in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.