Cyberghost

Name of the Vulnerable Software and Affected Versions: Furkan Tastan Blog (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in a "goster kat" action within the kategori.asp file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Fullaspsite GeometriX Download Portal (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "down indir.asp" file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EfesTECH Haber version 5.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter to the top-level URI. **Recommendations** For EfesTECH Haber version 5.0, avoid using the `id` parameter in the affected API endpoint until the issue is resolved. Consider restricting access to the top-level URI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CreaDirectory version 1.2 **Description** A SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the error.asp file. **Recommendations** For version 1.2, consider restricting access to the error.asp file or avoiding the use of the `id` parameter until a fix is available.

Name of the Vulnerable Software and Affected Versions: Active Trade 2 (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `catid` parameter in the "default.asp" file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Active Auction Pro version 7.1 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `catid` parameter in the default.asp file. Recommendations: For Active Auction Pro version 7.1, consider restricting access to the default.asp file until a patch is available. As a temporary workaround, avoid using the `catid` parameter in the affected default.asp file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Active Link Engine version (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `catid` parameter in the "default.asp" file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Active Photo Gallery (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `catid` parameter in the "default.asp" file. This can be exploited by sending a malicious request to the '/default.asp' endpoint, potentially allowing attackers to manipulate database queries. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** X-Ice News System version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "devami.asp" endpoint. **Recommendations** For X-Ice News System version 1.0, consider restricting access to the `id` parameter in the devami.asp endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GaziYapBoz Game Portal (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting a SQL injection vulnerability in the kategori.asp file, specifically through the `kategori` parameter in the API endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ActiveBuyAndSell version 6.2 Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `catid` parameter to API endpoints such as "default.asp" or "buyersend.asp", the Administrator ID field in "admin.asp", the E-mail field in "advertiserstart.asp" or "buyer.asp", or the Keyword field in "search.asp". Recommendations: For ActiveBuyAndSell version 6.2, consider restricting access to the `catid` parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the Administrator ID field in "admin.asp", the E-mail field in "advertiserstart.asp" or "buyer.asp", and the Keyword field in "search.asp" to minimize the risk of exploitation.