G111

**Name of the Vulnerable Software and Affected Versions** KLiK SocialMediaWebsite version 1.0 **Description** An injection issue exists in the HTTP GET Request Parameter Handler component. This flaw allows a remote attacker to perform an injection attack via the manipulation of HTTP GET request parameters. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** KLiK SocialMediaWebsite version 1.0 **Description** An issue exists in the File Handler component within the `uniqid()` function of the `upload.inc.php` file. This flaw allows for unrestricted file upload, which can be initiated remotely. **Recommendations** As a temporary workaround, consider restricting access to the `upload.inc.php` file or disabling the `uniqid()` function within the File Handler component until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** KLiK SocialMediaWebsite version 1.0 **Description** An issue exists in the HTTP POST Request Parameter Handler component due to improper processing of parameters. This allows a remote attacker to perform an injection attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** KLiK SocialMediaWebsite versions prior to 1.0.2 **Description** An issue exists in the Private Message Handler component within the file '/includes/get message ajax.php'. Remote attackers can perform SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution, by manipulating the `c id` argument. **Recommendations** Update to a version later than 1.0.1. As a temporary workaround, restrict access to the '/includes/get message ajax.php' file or avoid using the `c id` argument until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** kalyan02 NanoCMS versions up to 0.4 **Description** A flaw exists in kalyan02 NanoCMS that allows for remote request manipulation. The issue is related to an unknown functionality within the `/data/pagesdata.txt` file of the User Information Handler component. A manipulation of this functionality can result in a direct request. The exploit is publicly available. **Recommendations** Change the configuration settings.