Hurley

**Name of the Vulnerable Software and Affected Versions** Sendy version 1.1.8.4 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `i` parameter in the "/app" API endpoint. **Recommendations** For Sendy version 1.1.8.4, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Scripts For Sites (SFS) EZ Adult Directory (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cat id` parameter in a list action in the directory.php file. Recommendations: For Scripts For Sites (SFS) EZ Adult Directory, avoid using the `cat id` parameter in the list action until the issue is resolved. As a temporary workaround, consider restricting access to the directory.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Scripts for Sites (SFS) Ez Forum (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting a SQL injection vulnerability in the forum.php file, specifically via the `forum` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.