Hamza Mizoz N

**Name of the Vulnerable Software and Affected Versions** jaxCMS version 1.0 **Description** The issue allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the `p` parameter in the "index.php" file. **Recommendations** For jaxCMS version 1.0, consider restricting access to the `p` parameter in the "index.php" file to minimize the risk of exploitation. As a temporary workaround, avoid using the `p` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Evernew Free Joke Script version 1.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the viewjokes.php file. **Recommendations** For Evernew Free Joke Script version 1.2, consider restricting access to the viewjokes.php file or validating and sanitizing the `id` parameter to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** Eicra Car Rental-Script (affected versions not specified) **Description** The issue concerns SQL injection vulnerabilities in the index.php file of Eicra Car Rental-Script. When the `plugin id` parameter is set to 4, remote attackers can execute arbitrary SQL commands by manipulating the `username` and `passwords` parameters. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.