Ilker Kandemir

**Name of the Vulnerable Software and Affected Versions** Kunena Forum (com kunena) versions 1.5.3 through 1.5.4 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `func` parameter to the `/index.php` API endpoint. **Recommendations** For versions 1.5.3 and 1.5.4, consider restricting access to the `func` parameter in the `/index.php` API endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** com news portal versions 1.0 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `Itemid` parameter to the "index.php" endpoint. **Recommendations** For versions 1.0 and earlier, consider restricting access to the `Itemid` parameter in the "index.php" endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FlashBlog version 0.31 beta **Description** The issue concerns an unrestricted file upload vulnerability. This allows remote attackers to execute arbitrary code by uploading a .php file to the admin/Editor/imgupload.php endpoint, and then accessing it via a direct request to the file in tus imagenes/. **Recommendations** For FlashBlog version 0.31 beta, restrict access to the admin/Editor/imgupload.php endpoint to prevent unauthorized file uploads, and remove any already uploaded malicious files from the tus imagenes/ directory.

**Name of the Vulnerable Software and Affected Versions** Madoa Poll version 1.1 **Description** The issue allows remote attackers to execute arbitrary PHP code. This is achieved through multiple PHP remote file inclusion vulnerabilities. The vulnerable API endpoints are "index.php", "vote.php", and "admin.php", which are accessible via the `Madoa` parameter. **Recommendations** For Madoa Poll version 1.1, consider disabling the `Madoa` parameter in the affected API endpoints "index.php", "vote.php", and "admin.php" as a temporary workaround until a patch is available. Restrict access to these endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SchoolBoard (affected versions not specified) **Description** The issue concerns a SQL injection vulnerability in the admin.php file of SchoolBoard. This vulnerability potentially allows remote attackers to execute arbitrary SQL commands. However, it's noted that the 'username' parameter does not exist, and the 'password' is not used in any queries, which disputes the vulnerability's impact. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SecurityAdmin for PHP version 4.0.2 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `PSA PATH` parameter in the include/logout.php file. **Recommendations** For SecurityAdmin for PHP version 4.0.2, consider restricting access to the `PSA PATH` parameter in the include/logout.php file until a patch is available. Avoid using the `PSA PATH` parameter with untrusted input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** phpHoo3 (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `ADMIN USER` and `ADMIN PASS` parameters during a login in the admin.php file. However, it is noted that `ADMIN USER` and `ADMIN PASS` are initialized before use, which disputes the vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EsForum version 3.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `idsalon` parameter in the "forum.php" file. **Recommendations** For EsForum version 3.0, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the `idsalon` parameter in the "forum.php" file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Trevorchan versions 0.7 and earlier Description: A remote file inclusion issue allows remote attackers to execute arbitrary code via the `tc config[rootdir]` parameter to several API endpoints, including "upgrade.php", "paint save.php", "menu.php", "manage.php", and "banned.php". However, this issue has been disputed by reliable third parties, who claim that the variable is set before use in "config.php". Recommendations: For Trevorchan versions 0.7 and earlier, as a temporary workaround, consider restricting access to the vulnerable API endpoints until the issue is resolved. Avoid using the `tc config[rootdir]` parameter in the affected endpoints. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Okul Web Otomasyon Sistemi version 4.0.1 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "etkinlikbak.asp" file. Recommendations: For Okul Web Otomasyon Sistemi version 4.0.1, avoid using the `id` parameter in the "etkinlikbak.asp" file until the issue is resolved. Consider restricting access to the "etkinlikbak.asp" file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: wcSimple Poll (affected versions not specified) Description: The issue allows remote attackers to obtain password hashes due to insufficient access control of sensitive information stored under the web root. This can be achieved via a direct request for password.txt. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LunarPoll (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `PollDir` parameter when `register globals` is enabled. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.