Easy Laster

**Name of the Vulnerable Software and Affected Versions** Pre Printing Press (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `pid` parameter in the product desc.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Posse Softball Director CMS (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `idteam` parameter in the team.php file. This can lead to unauthorized access and manipulation of database content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Witze addon version 0.9 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in a "show" action within the jokes/index.php file. **Recommendations** For Witze addon version 0.9, consider restricting access to the `id` parameter in the jokes/index.php file to minimize the risk of exploitation. Avoid using the `id` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** deV!L'z Clanportal (DZCP) version 1.5.5 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `id` parameter in a `showkat` action to the "index.php" endpoint. **Recommendations** For version 1.5.5, avoid using the `id` parameter in the "index.php" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the `showkat` action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** deV!L'z Clanportal (DZCP) Gamebase addon (affected versions not specified) **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `gameid` parameter in a detail action to the "index.php" endpoint. **Recommendations** As a temporary workaround, consider restricting access to the `gameid` parameter in the "index.php" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MH Products kleinanzeigenmarkt (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `c` parameter in the "search.php" file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 2daybiz Polls (aka Advanced Poll) Script (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `category` parameter in the searchvote.php file. This can lead to unauthorized access and manipulation of database content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BrotherScripts (BS) and ScriptsFeed Auto Dealer (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "info.php" file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BrotherScripts (BS) Business Directory (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "articlesdetails.php" file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JExtensions JE Directory (com jedirectory) component version 1.0 for Joomla! **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `catid` parameter in an item action to the "index.php" endpoint. **Recommendations** For version 1.0, avoid using the `catid` parameter in the item action to the "index.php" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "index.php" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MH Products Easy Online Shop (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `kat` parameter in the content.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MHP Downloadshop (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `ItemID` parameter in the view item.php file. This can lead to unauthorized access and manipulation of database content. **Recommendations** For all affected versions, consider restricting access to the view item.php file until a patch is available. As a temporary workaround, avoid using the `ItemID` parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** MG User-Fotoalbum (mg user fotoalbum panel) module version 1.0.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `album id` parameter in the infusions/mg user fotoalbum panel/mg user fotoalbum.php file. **Recommendations** For MG User-Fotoalbum (mg user fotoalbum panel) module version 1.0.1, consider restricting access to the `album id` parameter in the affected PHP file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Anzeigenmarkt 2011 (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `q` parameter in a "list" action, specifically targeting the index.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Immo Makler (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "news.php" file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** My Little Forum (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter in the "contact.php" file. This is a different attack vector. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hi Web Wiesbaden Live Shopping Multi Portal System (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `artikel` parameter in the "index.php" endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pay Per Watch & Bid Auktions System (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id auk` parameter in the "auktion.php" file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Uiga Fan Club version as downloaded on 20100310 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in a "photos" action within the index.php file. **Recommendations** For the version as downloaded on 20100310, consider restricting access to the `id` parameter in the "photos" action to minimize the risk of exploitation. Avoid using the `id` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Uiga Personal Portal version as downloaded on 20100301 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter in a "photos" action. This can be exploited by sending a malicious request to the `/index.php` endpoint. **Recommendations** For Uiga Personal Portal version as downloaded on 20100301, consider restricting access to the `id` parameter in the "photos" action to minimize the risk of exploitation. Avoid using the `id` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.