Injector5

Name of the Vulnerable Software and Affected Versions: Joomla! component com gsticketsystem (affected versions not specified) Description: A SQL injection issue exists in the GridSupport Ticket System component for Joomla!, allowing remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `catid` parameter in a `viewCategory` action to `index.php`. Recommendations: As a temporary workaround, consider restricting access to the `catid` parameter in the `viewCategory` action to `index.php` until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! Eventing (com eventing) versions 1.6.x **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `catid` parameter in the "index.php" endpoint. **Recommendations** For versions 1.6.x, update to a version that includes a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the `catid` parameter in the "index.php" endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** com pcchess component for Joomla! (affected versions not specified) **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `game id` parameter in a 'showgame' action to 'index.php'. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! component com pccookbook (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `recipe id` parameter in a `viewrecipe` action to "index.php". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! com waticketsystem component (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `catid` parameter in a category action to "index.php". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AJ Auction Pro Platinum version 2 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved by manipulating the `product` parameter in the "search.php" file. **Recommendations** For AJ Auction Pro Platinum version 2, update the search.php file to properly sanitize the `product` parameter to prevent XSS attacks.

**Name of the Vulnerable Software and Affected Versions** AJ Auction Pro Platinum version 2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `seller id` parameter in the " sellers othersitem.php" file. **Recommendations** For AJ Auction Pro Platinum version 2, consider restricting access to the `seller id` parameter in the "sellers othersitem.php" file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Umer Inc Songs Portal (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter in the albums.php file. This can lead to unauthorized access and manipulation of database content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Systementor PostcardMentor (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cat fldAuto` parameter in the "step1.asp" file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.