Damar

**Name of the Vulnerable Software and Affected Versions** PHP-Nuke NukeC module versions 2.1 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `id catg` parameter in a "ViewCatg" action. **Recommendations** For PHP-Nuke NukeC module version 2.1, avoid using the `id catg` parameter in the affected API endpoint until the issue is resolved. Consider temporarily restricting access to the modules.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHP-Nuke (affected versions not specified) **Description** A SQL injection issue exists in the Docum module, allowing remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `artid` parameter in a "viewarticle" operation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advanced Webhost Billing System (AWBS) version 2.4.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `workdir` parameter in the docs/front-end-demo/cart2.php file. **Recommendations** For Advanced Webhost Billing System (AWBS) version 2.4.0, consider restricting access to the `workdir` parameter in the affected file to minimize the risk of exploitation.