Htbridge

Name of the Vulnerable Software and Affected Versions: Huge-IT Slider (slider-image) plugin versions prior to 2.7.0 Description: The issue allows remote administrators to execute arbitrary SQL commands. This can be achieved via the `removeslide` parameter in a `popup posts` or `edit cat` action in the `sliders huge it slider` page to `wp-admin/admin.php`. Recommendations: For versions prior to 2.7.0, update to version 2.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `removeslide` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** my little forum versions prior to 2.3.4 **Description** The issue allows remote administrators to execute arbitrary SQL commands. This can be achieved via the `letter` parameter in a user action or the `edit category` parameter to "index.php". **Recommendations** For versions prior to 2.3.4, update to version 2.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the `letter` parameter and the `edit category` parameter in "index.php" to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** my little forum versions prior to 2.3.4 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `back` parameter to "index.php". **Recommendations** For versions prior to 2.3.4, update to version 2.3.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WP-Cron Dashboard plugin versions 1.1.5 and earlier **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the `procname` parameter to "wp-admin/tools.php". **Recommendations** For WP-Cron Dashboard plugin versions 1.1.5 and earlier, avoid using the `procname` parameter in the "wp-admin/tools.php" endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Ad-minister plugin versions 0.6 and earlier for WordPress **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `key` parameter in a delete action to "wp-admin/tools.php". This is a cross-site scripting (XSS) issue. **Recommendations** For Ad-minister plugin versions 0.6 and earlier, update to a version later than 0.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cotonti versions prior to 0.9.14 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the "c" parameter to the API endpoint "index.php". **Recommendations** For versions prior to 0.9.14, update to version 0.9.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the `rss.php` module in the `modules/rss` directory until a patch is available. Avoid using the `c` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Ecomat CMS version 5.0 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `lang` parameter in a web action. **Recommendations** For Ecomat CMS version 5.0, avoid using the `lang` parameter in web actions until a fix is available. As a temporary workaround, consider restricting access to the index.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Allinta CMS version 22.07.2010 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting SQL injection vulnerabilities via the `i` parameter in an edit action to API endpoints such as "contentAE.asp" or "templatesAE.asp". **Recommendations** For Allinta CMS version 22.07.2010, as a temporary workaround, consider restricting access to the "contentAE.asp" and "templatesAE.asp" endpoints to minimize the risk of exploitation. Avoid using the `i` parameter in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Auto CMS version 1.6 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `sitetitle` parameter in the autocms.php file. **Recommendations** For Auto CMS version 1.6, consider restricting access to the `sitetitle` parameter in the autocms.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the `sitetitle` parameter until a patch is available.