Eddie Tc Chang

**Name of the Vulnerable Software and Affected Versions** PHPMyWind version 5.5 **Description** A stored Cross-site Scripting (XSS) issue was found. The `username` parameter of the "/install/index.php" page is vulnerable. This can be demonstrated via the "admin/login.php" page. **Recommendations** For PHPMyWind version 5.5, consider restricting access to the "/install/index.php" page and avoid using the `username` parameter until a fix is available. As a temporary workaround, restrict the use of the vulnerable page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHPMyWind version 5.5 **Description** A reflected Cross-site Scripting (XSS) issue was found. The issue is related to the "method" parameter of the "data/api/oauth/connect.php" page. **Recommendations** For PHPMyWind version 5.5, consider restricting access to the `data/api/oauth/connect.php` page until a fix is available. As a temporary workaround, avoid using the `method` parameter in this page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** DbNinja version 3.2.7 **Description** The issue allows for XSS via the `data.php` task parameter in the ` includesonline.php` file, but only if the ` users/admin/tasks.php` file exists. **Recommendations** For DbNinja version 3.2.7, consider restricting access to the ` includesonline.php` file or the `data.php` task parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the `data.php` task parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DbNinja version 3.2.7 **Description** The issue allows session fixation via the `sessid` parameter in the "data.php" endpoint. **Recommendations** For DbNinja version 3.2.7, avoid using the `sessid` parameter in the "data.php" endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MyWebSQL version 3.7 **Description** The issue allows for remote code execution (RCE) after an attacker writes shell code into the database and executes the Backup Database function with a .php filename for the backup's archive file. **Recommendations** For MyWebSQL version 3.7, avoid using the Backup Database function with .php filenames for the backup's archive file until a patch is available. As a temporary workaround, consider restricting access to the Backup Database function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MyWebSQL version 3.7 **Description** The issue allows for Cross-site request forgery (CSRF) that can be used to delete a database. This can be achieved via the "/?q=wrkfrm&type=databases" API endpoint. **Recommendations** For MyWebSQL version 3.7, consider restricting access to the "/?q=wrkfrm&type=databases" API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MyWebSQL version 3.7 **Description** A Stored Cross-site Scripting (XSS) issue was found in the Add User function of the User Manager pages, specifically in the `User Name` field. **Recommendations** For MyWebSQL version 3.7, consider disabling the Add User function in the User Manager pages until a patch is available to prevent potential exploitation of the Stored Cross-site Scripting (XSS) vulnerability.

**Name of the Vulnerable Software and Affected Versions** KindEditor version 4.1.11 **Description** The issue is related to a reflected Cross-site Scripting (XSS) vulnerability. This occurs in the `content1` parameter of the php/demo.php endpoint. **Recommendations** For KindEditor version 4.1.11, as a temporary workaround, consider restricting access to the `content1` parameter in the php/demo.php endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DbNinja version 3.2.7 **Description** The issue is related to a Stored Cross-site Scripting (XSS) vulnerability. This vulnerability is found in the Add Host function of the Manage Hosts pages, specifically in the `User Name` field. **Recommendations** For DbNinja version 3.2.7, as a temporary workaround, consider restricting input to the `User Name` field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SIDU version 6.0 **Description** A reflected Cross-site Scripting (XSS) issue was found. The `dbs` parameter of the 'conn.php' page is vulnerable. **Recommendations** For SIDU version 6.0, update the conn.php page to properly sanitize the `dbs` parameter to prevent XSS attacks. As a temporary workaround, consider restricting access to the conn.php page until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SIDU version 6.0 **Description** An issue was discovered where the database name is not strictly filtered, allowing an attacker to insert a name containing an XSS Payload, leading to stored XSS. **Recommendations** For SIDU version 6.0, consider implementing strict filtering for database names to prevent the insertion of malicious content, such as XSS Payloads, until a patch is available. As a temporary workaround, restrict access to the database to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CSS-TRICKS Chat2 versions through 2015-05-05 **Description** An issue was discovered in the software, where the `userid` parameter in the "jumpin.php" endpoint has a SQL injection issue. **Recommendations** For CSS-TRICKS Chat2 versions through 2015-05-05, avoid using the `userid` parameter in the "jumpin.php" endpoint until the issue is resolved. Consider restricting access to the "jumpin.php" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** phpMyAdmin versions prior to 4.8.5 **Description** A SQL injection attack can be triggered through the designer feature by using a specially crafted `username`. This allows for potential exploitation. **Recommendations** For versions prior to 4.8.5, update to version 4.8.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the designer feature until a patch is applied. Avoid using specially crafted usernames in the affected feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** webERP version 4.15 **Description** The issue is related to Incorrect Access Control in the Z CreateCompanyTemplateFile.php file, allowing the overwrite of an existing .sql file on the target web site. This can be achieved by creating a template and then using ../ directory traversal in the `TemplateName` parameter. **Recommendations** For webERP version 4.15, consider restricting access to the Z CreateCompanyTemplateFile.php file and limiting the use of the `TemplateName` parameter to prevent directory traversal attacks. As a temporary workaround, avoid using the `TemplateName` parameter with ../ directory traversal until a patch is available.

**Name of the Vulnerable Software and Affected Versions** phpMyAdmin versions prior to 4.8.4 **Description** A Cross-Site Scripting (XSS) issue was found in the navigation tree, allowing an attacker to deliver a payload to a user through a crafted database or table name. **Recommendations** For versions prior to 4.8.4, update to version 4.8.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PHP-Proxy versions prior to 5.1.0 PHP-Proxy-App versions prior to 3.0 **Description** The issue is related to insufficient protection of the web page structure in the index.php component of the PHP-Proxy web proxy script, allowing a remote attacker to perform cross-site scripting (XSS) attacks via the URL field in index.php. **Recommendations** For PHP-Proxy versions prior to 5.1.0, update to version 5.1.0 or later to resolve the issue. For PHP-Proxy-App versions prior to 3.0, update to version 3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the URL field in index.php to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** webERP version 4.15 **Description** An issue was discovered on the Bank Account Matching - Receipts screen of the General Ledger component. This issue involves Blind SQL injection via the `AmtClear ` parameter in BankMatching.php. **Recommendations** For webERP version 4.15, consider restricting access to the BankMatching.php file or the Bank Account Matching - Receipts screen to minimize the risk of exploitation. Avoid using the `AmtClear ` parameter in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** webERP version 4.15 **Description** An issue was discovered in the Manufacturing component. It has Blind SQL Injection via the `SearchParts` parameter in CollectiveWorkOrderCost.php. **Recommendations** For webERP version 4.15, avoid using the `SearchParts` parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to CollectiveWorkOrderCost.php to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** webERP version 4.15 **Description** An issue was discovered in the Sales component. The SalesInquiry.php file has SQL Injection via the `SortBy` parameter. **Recommendations** For webERP version 4.15, avoid using the `SortBy` parameter in the SalesInquiry.php file until the issue is resolved. As a temporary workaround, consider restricting access to the SalesInquiry.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Guriddo Form PHP version 5.3 **Description** The issue is related to insufficient protection of the web page structure, allowing for potential cross-site scripting (XSS) attacks. This could enable a remote attacker to perform intersite script attacks. The exploitation is possible through the `demos/jqform/defaultnodb/default.php` endpoint, specifically via the `OrderID`, `ShipName`, `ShipAddress`, `ShipCity`, `ShipPostalCode`, `ShipCountry`, `Freight`, or `details` parameters. **Recommendations** For Guriddo Form PHP version 5.3, consider restricting access to the `demos/jqform/defaultnodb/default.php` endpoint until a patch is available. As a temporary workaround, avoid using the `OrderID`, `ShipName`, `ShipAddress`, `ShipCity`, `ShipPostalCode`, `ShipCountry`, `Freight`, or `details` parameters in the affected endpoint to minimize the risk of exploitation.