Diabolic Crab

Name of the Vulnerable Software and Affected Versions: Dragonfly Commerce versions (affected versions not specified) Description: The issue allows remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via several parameters, including the `key` parameter to "dc Categoriesview.asp", the `PID` parameter to "ratings.asp", the `start`, `key mp`, `searchtype`, or `psearch` parameters to "dc forum Postslist.asp". The vendor has disputed this issue, stating that the error messages arise from invalid category and product numbers. However, the issue still satisfies the definition of exposure. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Dragonfly Commerce (affected versions not specified) Description: The issue allows remote attackers to change a product price by modifying the `x DragonflyCartProductPrice` hidden field in several API endpoints, including "dc Categorieslist.asp", "dc Categoriesview.asp", "dc productslist.asp", and "dc productslist Clearance.asp". The vendor has disputed this issue, stating that Dragonfly Commerce does not allow editing prices or viewing client information except by authorized staff. However, SecurityTracker claims to have confirmed the problem. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Comersus (affected versions not specified) Description: The issue concerns SQL injection vulnerabilities in the Comersus shopping cart, allowing remote attackers to execute arbitrary SQL commands. This can be achieved via the `email` parameter to "comersus optAffiliateRegistrationExec.asp" or the `idProduct` parameter to "comersus optReviewReadExec.asp". Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Comersus shopping cart (affected versions not specified) Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the `name` parameter to "comersus backoffice listAssignedPricesToCustomer.asp" and the `message` parameter to "comersus backoffice message.asp" are vulnerable. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PEAR XML RPC versions 1.3.0 and earlier PHPXMLRPC versions 1.1 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement. This affects products such as WordPress, Serendipity, Drupal, egroupware, MailWatch, TikiWiki, phpWebSite, Ampache, and others. **Recommendations** For PEAR XML RPC versions 1.3.0 and earlier, update to a version later than 1.3.0 to resolve the issue. For PHPXMLRPC versions 1.1 and earlier, update to a version later than 1.1 to resolve the issue. As a temporary workaround, consider disabling the use of XML files in the affected products until a patch is available. Restrict access to the eval statement in the affected PHP code to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Photopost PHP Pro (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `verifykey` parameter in the "member.php" file. This can lead to unauthorized access and manipulation of database content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ArticleLive 2005 Description: The issue allows remote attackers to gain privileges by modifying specific fields in a cookie, namely the `auth` and `userId` fields. Recommendations: For ArticleLive 2005, consider restricting access to sensitive areas of the application until a patch is available, and avoid relying on the `auth` and `userId` fields in cookies for authentication purposes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ArticleLive 2005 Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters, including the `Query`, `Username`, `LastName`, `Biography`, or `BlogId` parameters. Recommendations: For ArticleLive 2005, consider restricting input for the `Query`, `Username`, `LastName`, `Biography`, and `BlogId` parameters to prevent arbitrary web script or HTML injection until a patch is available. As a temporary workaround, disabling the use of these parameters or implementing input validation and sanitization can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: FishCart version 3.1 Description: The issue concerns multiple cross-site scripting vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters to certain PHP files. The affected parameters include `trackingnum`, `reqagree`, `m` to upstracking.php, and `nlst` to display.php. Recommendations: For FishCart version 3.1, consider restricting access to the upstracking.php and display.php files until a fix is available. As a temporary workaround, avoid using the `trackingnum`, `reqagree`, `m`, and `nlst` parameters in the affected API endpoints.

Name of the Vulnerable Software and Affected Versions: FishCart version 3.1 Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `cartid` parameter to 'upstnt.php' or the `psku` parameter to 'display.php'. The vendor disputes this report, claiming the errors are forced SQL errors, and the original researcher is known to be unreliable. Recommendations: For FishCart version 3.1, consider restricting access to the `upstnt.php` and `display.php` scripts to minimize the risk of exploitation. As a temporary workaround, avoid using the `cartid` and `psku` parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: phpCoin version 1.2.2 Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters, including the `search` parameter to "index.php", the `phpcoinsessid` parameter to "login.php", and the `id`, `dtopic id`, or `dcat id` parameters to "mod.php". Recommendations: For phpCoin version 1.2.2, as a temporary workaround, consider restricting access to the vulnerable API endpoints, such as "index.php", "login.php", and "mod.php", until a patch is available. Avoid using the parameters `search`, `phpcoinsessid`, `id`, `dtopic id`, or `dcat id` in the affected endpoints until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: MetaCart version 2.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is possible via several parameters in different scripts, including the `intProdID` parameter to "product.asp", the `intCatalogID` or `strSubCatalogID` parameters to "productsByCategory.asp", and multiple parameters to "searchAction.asp", such as `chkText`, `strText`, `chkPrice`, `intPrice`, `chkCat`, or `strCat`. Recommendations: For MetaCart version 2.0, consider restricting access to the vulnerable scripts until a patch is available. As a temporary workaround, avoid using the specified parameters in the affected scripts.

Name of the Vulnerable Software and Affected Versions: MetaCart version 2.0 for PayFlow Description: The issue allows remote attackers to execute arbitrary commands. This is achieved through SQL injection vulnerabilities in several parameters, including `intCatalogID`, `strSubCatalogID`, `strSubCatalog NAME`, `curCatalogID`, `page`, and `intProdID`, which are passed to specific API endpoints such as "productsByCategory.asp" and "product.asp". Recommendations: For MetaCart version 2.0 for PayFlow, consider restricting access to the vulnerable parameters `intCatalogID`, `strSubCatalogID`, `strSubCatalog NAME`, `curCatalogID`, `page`, and `intProdID` in the affected API endpoints until a patch is available. As a temporary workaround, avoid using these parameters in "productsByCategory.asp" and "product.asp" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MetaCart e-Shop version 8.0 Description: The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This can be achieved via the `intProdID` parameter in "product.asp" or the `strCatalog NAME` parameter in "productsByCategory.asp". Recommendations: For MetaCart e-Shop version 8.0, consider restricting access to the `product.asp` and `productsByCategory.asp` pages until a patch is available. As a temporary workaround, avoid using the `intProdID` and `strCatalog NAME` parameters in the affected API endpoints until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: MetaBid Auctions (affected versions not specified) Description: The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This can be achieved through the `username` or `password` fields in the "logIn.asp" endpoint, or via the `intAuctionID` parameter to the "item.asp" endpoint. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: CartWIZ ASP Cart (affected versions not specified) Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via several parameters, including the `idProduct` parameter to "tellAFriend.asp" or "addToWishlist.asp", the `redirect` parameter to "access.asp" or "login.asp", the `message` parameter to "login.asp" or "error.asp", or the `sku` or `name` parameter to "searchResults.asp". Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: StorePortal version 2.63 Description: The issue concerns SQL injection vulnerabilities in the default.asp file of StorePortal. Remote attackers can execute arbitrary SQL commands by manipulating certain parameters, including `language`, `bpic`, `idcategory`, `content`, `keyword`, or `idproduct`. Recommendations: For StorePortal version 2.63, consider restricting access to the default.asp file until a patch is available. As a temporary workaround, avoid using the vulnerable parameters `language`, `bpic`, `idcategory`, `content`, `keyword`, or `idproduct` in the default.asp file. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: BK Forum version 4.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `id` parameter to "member.asp", the `forum` parameter to "forum.asp", or various parameters in "register.asp". Recommendations: For BK Forum version 4.0, avoid using the `id` parameter in "member.asp", the `forum` parameter in "forum.asp", or various parameters in "register.asp" until a fix is available. Consider restricting access to these parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: CartWIZ ASP Cart (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved through various API endpoints and parameters, including the `idProduct` parameter to "addToCart.asp" or "productDetails.asp", the `priceFrom`, `idCategory`, or `priceTo` parameters to "searchResults.asp", or the `idParentCategory` parameter to "productCatalogSubCats.asp". Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DUportal Pro version 3.4 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via various parameters in different API endpoints, including: the `nChannel` parameter to "/default.asp", "/cat.asp", or "/detail.asp", the `iChannel` parameter to "/search.asp", "/default.asp", "/result.asp", "/cat.asp", or "/detail.asp", the `iCat` parameter to "/cat.asp" or "/detail.asp", the `iData` parameter to "/detail.asp" or "/result.asp", the `POL ID`, `POL PARENT`, `POL CATEGORY`, `CHA NAME`, or `CHA ID` parameters to "/inc vote.asp", or the `tfm order` or `tfm orderby` parameters to "/toppages.asp". **Recommendations** For version 3.4, consider disabling the SQL execution functionality until a patch is available. Restrict access to the vulnerable API endpoints, such as "/default.asp", "/cat.asp", "/detail.asp", "/search.asp", "/result.asp", "/inc vote.asp", and "/toppages.asp", to minimize the risk of exploitation. Avoid using the vulnerable parameters, such as `nChannel`, `iChannel`, `iCat`, `iData`, `POL ID`, `POL PARENT`, `POL CATEGORY`, `CHA NAME`, `CHA ID`, `tfm order`, and `tfm orderby`, in the affected API endpoints until the issue is resolved.