Bigware · Bigware Shop · CVE-2008-0498
**Name of the Vulnerable Software and Affected Versions**
Bigware Shop version 2.0
**Description**
A SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands through the `pollid` parameter in a results action to the "main bigware 53.php" endpoint.
**Recommendations**
For Bigware Shop version 2.0, avoid using the `pollid` parameter in the "main bigware 53.php" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "main bigware 53.tpl.php" template to minimize the risk of exploitation.
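
To review whether the `pollid` parameter has been sent unexpected input, the following added example (not part of the original advisory or of Bigware's code) scans web-server access-log lines and reports every `pollid` value that is not a plain integer. It assumes Common/Combined Log Format and that legitimate poll ids are numeric; the sample log lines and the `ENDPOINT.php` path are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request field of Common/Combined Log Format: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: a legitimate poll id is a short run of ASCII decimal digits.
VALID_POLLID = re.compile(r'[0-9]{1,10}')


def suspicious_pollid_requests(log_lines):
    """Return (line_number, decoded_value) for every pollid that is not a plain integer."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # malformed or non-HTTP line: nothing to inspect
        query = urlsplit(match.group("target")).query
        # parse_qsl percent-decodes; keep_blank_values so an empty "pollid=" is reported too
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() == "pollid" and not VALID_POLLID.fullmatch(value):
                findings.append((number, value))
    return findings


# Constructed sample lines; ENDPOINT.php is a placeholder path, not taken from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2008:10:00:01 +0000] "GET /shop/ENDPOINT.php?pollid=4 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Feb/2008:10:00:07 +0000] "GET /shop/ENDPOINT.php?pollid=3%27 HTTP/1.1" 200 312',
    '192.0.2.44 - - [01/Feb/2008:10:00:09 +0000] "GET /shop/ENDPOINT.php?pollid=9%20OR%201%3D1 HTTP/1.1" 200 9874',
    '192.0.2.10 - - [01/Feb/2008:10:00:12 +0000] "GET /shop/index.php?page=2 HTTP/1.1" 200 2048',
    '192.0.2.51 - - [01/Feb/2008:10:00:15 +0000] "GET /shop/ENDPOINT.php?pollid=2&pollid= HTTP/1.1" 200 400',
]

if __name__ == "__main__":
    for number, value in suspicious_pollid_requests(SAMPLE_LOG):
        print(f"line {number}: pollid={value!r}")
```

Access logs normally record only the URL, so values submitted in a POST body are not covered by this check.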