Firewall

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Bank Management System version 1.0 Description: A vulnerability exists in the processing of the `/bank/statements.php` file. Manipulation of the `email` argument can lead to SQL injection, potentially allowing for remote exploitation. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Bank Management System version 1.0 Description: A vulnerability exists in SourceCodester Online Bank Management System up to version 1.0. The issue affects unknown code within the `/bank/transfer.php` file. Manipulation of the `email` argument can lead to a SQL injection attack, which can be initiated remotely. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Vernet Loic PHP Debug version 1.1.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `debugClassLocation` parameter in the tests/debug test.php file. **Recommendations** For Vernet Loic PHP Debug version 1.1.0, consider restricting access to the `debugClassLocation` parameter in the tests/debug test.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Exophpdesk version 1.2 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `lang file` parameter in the pipe.php file. **Recommendations** For Exophpdesk version 1.2, consider restricting access to the pipe.php file or validating the `lang file` parameter to prevent remote file inclusion attacks until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Phpjobscheduler version 3.0 **Description** The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the `installed config file` parameter to specific API endpoints, such as "add-modify.php", "delete.php", "modify.php", and "phpjobscheduler.php". **Recommendations** For Phpjobscheduler version 3.0, consider restricting access to the `installed config file` parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the `installed config file` parameter in the "add-modify.php", "delete.php", "modify.php", and "phpjobscheduler.php" endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** EncapsCMS version 0.3.6 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `root` parameter in the core/core.php file. **Recommendations** For EncapsCMS version 0.3.6, update to a version that fixes this issue, as using a vulnerable version allows remote attackers to execute arbitrary PHP code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Dmitry Sheiko Business Card Web Builder (BCWB) version 2.5 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `root path admin` parameter to specific API endpoints, including "/include/startup.inc.php", "dcontent/default.css.php", or "system/default.css.php". Recommendations: For version 2.5, consider restricting access to the `root path admin` parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the `root path admin` parameter in the "/include/startup.inc.php", "dcontent/default.css.php", or "system/default.css.php" endpoints to minimize the risk of exploitation.