Deyaa Muhammad

**Name of the Vulnerable Software and Affected Versions** All in One Video Downloader version 1.2 **Description** An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the `id` parameter. By sending requests to the admin interface with UNION-based SQL injection payloads in the `id` parameter, attackers can extract sensitive database information, including usernames, databases, and version details. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Listing Hub CMS version 1.0 **Description** An issue allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending GET requests to the 'pages.php' endpoint using crafted values in the `id` parameter. The attack utilizes error-based SQL injection, a technique that forces the database to produce error messages containing the requested data, to extract database credentials, usernames, and version information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zuz Music version 2.1 **Description** A persistent cross-site scripting issue allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. The injection occurs via the `name`, `subject`, and `message` parameters in POST requests to the '/gmusic/zuzconsole/ contact' endpoint. The injected script executes when administrators view the messages within the inbox interface. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.