James

**Name of the Vulnerable Software and Affected Versions** Discuz! version 6.0.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `searchid` parameter in a "search" action. **Recommendations** For Discuz! version 6.0.1, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the `searchid` parameter in the affected API endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** JamRoom versions prior to 3.4.0 **Description** The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by manipulating a boolean value within serialized data in a `JMU Cookie` cookie, exploiting the `jrCookie` function in `includes/jamroom-misc.inc.php`. **Recommendations** For versions prior to 3.4.0, update to version 3.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to administrative functions until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** JamRoom versions prior to 3.4.0 **Description** The issue concerns multiple unspecified vulnerabilities with unknown impact and attack vectors. **Recommendations** For versions prior to 3.4.0, update to version 3.4.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** gnump3d version 2.9final **Description** The issue allows remote attackers to bypass intended access restrictions because password protection is not applied to plugins. **Recommendations** For gnump3d version 2.9final, consider disabling the use of plugins until a patch is available to apply password protection to them.

**Name of the Vulnerable Software and Affected Versions** Woltlab Burning Board versions 2.x and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `email` variable in the verify email function. **Recommendations** For Woltlab Burning Board versions 2.x and earlier, consider restricting access to the verify email function until a patch is available. As a temporary workaround, avoid using the `email` variable in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.