Ins3T

#19387 of 53,624
13.6 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2010-1785
6.8
2010-08-25
Irokez · Irokez Cms · CVE-2009-4982
**Name of the Vulnerable Software and Affected Versions**

Irokez CMS version 0.7.1

**Description**

The issue allows remote attackers to execute arbitrary SQL commands. This is possible due to a SQL injection vulnerability in the select function when `magic_quotes_gpc` is disabled. The vulnerability can be exploited via the `PATH_INFO` to the default URI.

**Recommendations**

For Irokez CMS version 0.7.1, consider disabling the select function or restricting access to it until a patch is available. Additionally, enabling `magic_quotes_gpc` can help mitigate the risk of SQL injection attacks.
PT-2010-1360
6.8
2010-01-04
Mini Cms · Mini Cms · CVE-2009-4540
**Name of the Vulnerable Software and Affected Versions**

Mini CMS version 1.0.1

**Description**

The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "page.php" file.

**Recommendations**

For Mini CMS version 1.0.1, consider restricting access to the `id` parameter in the "page.php" file to minimize the risk of exploitation.