Crazy Cracker

**Name of the Vulnerable Software and Affected Versions** QTOFileManager version 1.0 **Description** The issue allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension to qtofm.php, and then accessing it via a direct request. **Recommendations** For QTOFileManager version 1.0, consider restricting file uploads to only allow non-executable file extensions as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PHP-Nuke versions 6.0 and possibly other versions **Description** The issue concerns SQL injection vulnerabilities in the Content module. Remote attackers can execute arbitrary SQL commands via specific parameters in certain actions. The vulnerable parameters are `cid` in a "list pages categories" action and `pid` in a "showpage" action. **Recommendations** For PHP-Nuke version 6.0, consider restricting access to the Content module until a fix is available. As a temporary workaround, avoid using the `cid` parameter in the "list pages categories" action and the `pid` parameter in the "showpage" action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PostNuke (affected versions not specified) **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `lid` parameter in a "viewdownloaddetails" operation. This might be related to the `viewdownloaddetails` function in `dl-downloaddetails.php`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Invision Power Board versions 1.x through 2.x **Description** Multiple SQL injection vulnerabilities allow remote attackers to execute arbitrary SQL commands via various parameters in different actions in index.php and coins list.php. The vulnerable parameters include `idcat`, `code`, `id`, `CODE`, and `member id` in actions such as ketqua, Attach, ref, Profile, Login, Help, and coins list. The developer has disputed this issue, stating that the CODE attribute is never present in an SQL query and the 'ketqua' action and file 'coin list.php' are not standard IPB 2.x features. It is unknown whether these vectors are associated with an independent module or modification of IPB. **Recommendations** For Invision Power Board versions 1.x through 2.x, as a temporary workaround, consider disabling the vulnerable actions and parameters, such as `ketqua`, `Attach`, `ref`, `Profile`, `Login`, `Help`, and `coins list`, until a patch is available. Restrict access to the vulnerable parameters `idcat`, `code`, `id`, `CODE`, and `member id` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FreeHost (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via two parameters: the `readme` parameter to the "/FreeHost/misc.php" API endpoint or the `index` parameter to the "/FreeHost/news.php" API endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Belchior Foundry vCard PRO (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `cat id` parameter to "gbrowse.php", the `card id` parameter to "rating.php" and "create.php", and the `event id` parameter to "search.php". **Recommendations** For Belchior Foundry vCard PRO, as a temporary workaround, consider restricting access to the vulnerable API endpoints "gbrowse.php", "rating.php", "create.php", and "search.php" until a patch is available. Avoid using the parameters `cat id`, `card id`, and `event id` in the respective affected endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xoops Glossaire module version 1.7 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `pa` parameter in the index.php file of the Glossaire module. **Recommendations** For Xoops Glossaire module version 1.7, consider restricting access to the index.php file until a patch is available. As a temporary workaround, avoid using the `pa` parameter in the affected module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CrisoftRicette version 1.0pre15b **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `crisoftricette` parameter in the recipe/cookbook.php file. **Recommendations** For CrisoftRicette version 1.0pre15b, consider restricting access to the `crisoftricette` parameter in the recipe/cookbook.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MyNewsGroups version 0.6 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `grp id` parameter in the "tree.php" file. **Recommendations** For MyNewsGroups version 0.6, avoid using the `grp id` parameter in the vulnerable "tree.php" file until a fix is available. Consider restricting access to the "tree.php" file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RahnemaCo.com product (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `pageid` parameter in the `page.php` file. This can be exploited by providing a malicious URL as the value for the `pageid` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** vBulletin versions 3.5.x **Description** A cross-site scripting (XSS) issue in member.php allows remote attackers to inject arbitrary web script or HTML via the `u` parameter. The vendor has disputed this report, stating that they have been unable to replicate the issue and that the `userid` parameter is run through their filtering system as an unsigned integer. **Recommendations** For vBulletin versions 3.5.x, as a temporary workaround, consider restricting access to the `member.php` file until the issue is resolved. Avoid using the `u` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VBZooM versions 1.00 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `MemberID` parameter to "rank.php" and the `QuranID` parameter to "lng.php". **Recommendations** For VBZooM versions 1.00 and earlier, as a temporary workaround, consider restricting access to the "rank.php" and "lng.php" scripts until a patch is available. Avoid using the `MemberID` and `QuranID` parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VBZooM versions 1.11 and earlier **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `UserID` parameter in the message.php file. **Recommendations** For VBZooM versions 1.11 and earlier, consider restricting access to the message.php file or the `UserID` parameter to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Woltlab Burning Board (WBB) version 2.0 RC2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `boardid` parameter in the "newthread.php" file. **Recommendations** For Woltlab Burning Board (WBB) version 2.0 RC2, consider restricting access to the `newthread.php` file until a patch is available, and avoid using the `boardid` parameter in this context to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Woltlab Burning Board (WBB) version 1.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `boardid` parameter in the "showmods.php" file. **Recommendations** For Woltlab Burning Board (WBB) version 1.2, consider restricting access to the `showmods.php` file until a patch is available. As a temporary workaround, avoid using the `boardid` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Woltlab Burning Board (WBB) version 2.3.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `postid` parameter in the "report.php" endpoint. **Recommendations** For Woltlab Burning Board (WBB) version 2.3.1, update to a version that fixes this issue, as using the `postid` parameter in the "report.php" endpoint can lead to arbitrary SQL command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Woltlab Burning Board (WBB) version 2.2.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `sid` parameter in the studienplatztausch.php file. **Recommendations** For Woltlab Burning Board (WBB) version 2.2.1, consider restricting access to the studienplatztausch.php file until a patch is available. As a temporary workaround, avoid using the `sid` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Woltlab Burning Board (WBB) version 2.2.2 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `threadid` parameter in the "thread.php" file. **Recommendations** For Woltlab Burning Board (WBB) version 2.2.2, update to a version that fixes this issue to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** Woltlab Burning Board (WBB) version 2.1.6 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `userid` parameter in the "profile.php" file. **Recommendations** For Woltlab Burning Board (WBB) version 2.1.6, consider restricting access to the `userid` parameter in the "profile.php" file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SaphpLesson versions 1.1 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `action` parameter in the "misc.php" file. **Recommendations** For SaphpLesson versions 1.1 and earlier, consider restricting access to the vulnerable "misc.php" file until a patch is available. As a temporary workaround, avoid using the `action` parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.