Crux

**Name of the Vulnerable Software and Affected Versions** Pre Classified Listings ASP (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `email` parameter in the signup.asp file. This can lead to unauthorized access and manipulation of database content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpMySite (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `action` parameter in the "index.php" file. This can be exploited by sending a malicious request to the '/index.php' endpoint. **Recommendations** For phpMySite, consider restricting access to the `action` parameter in the "index.php" file to minimize the risk of exploitation. Avoid using the `action` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpMySite (affected versions not specified) **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the contact.php file of phpMySite. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters, including the `name`, `city`, `email`, `state`, and `message` parameters. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.