James Bercegay

**Name of the Vulnerable Software and Affected Versions** Pligg versions 9.9 and earlier **Description** The issue allows remote attackers to determine the existence of arbitrary files or include arbitrary files via directory traversal vulnerabilities. This can be achieved by exploiting the `$tb url` variable in "trackback.php" or the `template` parameter in "settemplate.php" using a .. (dot dot) sequence. **Recommendations** For Pligg versions 9.9 and earlier, as a temporary workaround, consider restricting access to the "trackback.php" and "settemplate.php" files until a patch is available. Avoid using the `$tb url` variable in "trackback.php" and the `template` parameter in "settemplate.php" with untrusted input. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pligg versions 9.9 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `keyword` parameter in a search action to "user.php" and other unspecified vectors. **Recommendations** For Pligg versions 9.9 and earlier, update to a version later than 9.9 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Pligg versions 9.9 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands due to multiple SQL injection vulnerabilities. The vulnerabilities exist in various parameters and variables, including the `id` parameter to "vote.php", the `id` parameter to "trackback.php", an unspecified parameter to "submit.php", the `requestTitle` variable in a query to "story.php", the `requestID` and `requestTitle` variables in "recommend.php", the `categoryID` parameter to "cloud.php", the `title` parameter to "out.php", the `username` parameter to "login.php", the `id` parameter to "cvote.php", and the `commentid` parameter to "edit.php". **Recommendations** For Pligg versions 9.9 and earlier, consider disabling the affected parameters and variables, such as the `id` parameter in "vote.php" and "trackback.php", the unspecified parameter in "submit.php", the `requestTitle` variable in "story.php", the `requestID` and `requestTitle` variables in "recommend.php", the `categoryID` parameter in "cloud.php", the `title` parameter in "out.php", the `username` parameter in "login.php", the `id` parameter in "cvote.php", and the `commentid` parameter in "edit.php", until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: UBB.threads versions 7.3.1 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `Forum[]` array parameter in the dosearch.inc.php file. Recommendations: For versions 7.3.1 and earlier, update to a version later than 7.3.1 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: CS-Cart versions 1.3.5 and earlier Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cs cookies[customer user id]` cookie parameter in the core/user.php file. Recommendations: For CS-Cart versions 1.3.5 and earlier, consider restricting access to the core/user.php file until a patch is available. As a temporary workaround, avoid using the `cs cookies[customer user id]` cookie parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WebSVN versions 2.0 and earlier **Description** A cross-site scripting (XSS) issue exists in the getParameterisedSelfUrl function in index.php, allowing remote attackers to inject arbitrary web script or HTML via the PATH INFO. This could potentially lead to malicious script execution on the client-side. **Recommendations** For WebSVN versions 2.0 and earlier, consider disabling the getParameterisedSelfUrl function in index.php as a temporary workaround until a patch is available. Restrict access to the index.php file to minimize the risk of exploitation. Avoid using the PATH INFO variable in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WebSVN versions 2.0 and earlier **Description** A directory traversal issue exists in the rss.php file of WebSVN, allowing remote attackers to overwrite arbitrary files when magic quotes gpc is disabled. This is achieved through directory traversal sequences in the `rev` parameter. **Recommendations** For WebSVN versions 2.0 and earlier, consider disabling the rss.php file or restricting access to it until a fix is available. As a temporary workaround, enable magic quotes gpc to prevent directory traversal attacks.

**Name of the Vulnerable Software and Affected Versions** WebSVN versions 1.x **Description** The issue allows remote attackers to execute arbitrary PHP code via a crafted `username` that is processed by the `preg replace` function with the `eval` switch. This is due to a problem in the `create anchors` function in `utils.inc`. **Recommendations** For WebSVN version 1.x, consider disabling the `create anchors` function in `utils.inc` until a patch is available to prevent the execution of arbitrary PHP code. Restrict access to the `preg replace` function with the `eval` switch to minimize the risk of exploitation. Avoid using the `username` variable in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Advanced Electron Forum versions prior to 1.0.7 **Description** The issue allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the `email` parameter, which is processed by the `preg replace` function with the `eval` switch. **Recommendations** For versions prior to 1.0.7, update to version 1.0.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `email` parameter in the affected functionality until a patch is available. Avoid using the `eval` switch with the `preg replace` function for processing user-input data.

**Name of the Vulnerable Software and Affected Versions** Lussumo Vanilla versions 1.1.5-rc1, 1.1.4, and earlier **Description** A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via the `Value` field in the Label ==> Value pairs in account.php. **Recommendations** For versions 1.1.5-rc1, 1.1.4, and earlier, consider restricting access to the account.php file until a fix is available. As a temporary workaround, avoid using the `Value` field in the Label ==> Value pairs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Crafty Syntax Live Help (CSLH) versions 2.14.6 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `department` parameter to API endpoints such as "is xmlhttp.php" and "is flush.php". **Recommendations** For versions 2.14.6 and earlier, consider restricting access to the `is xmlhttp.php` and `is flush.php` API endpoints to minimize the risk of exploitation. Avoid using the `department` parameter in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Turnkey Web Tools SunShop Shopping Cart versions prior to 4.1.5 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `id` parameter in an edit registry action to "index.php", a vector involving the `check email` function, and other vectors. **Recommendations** For versions prior to 4.1.5, update to version 4.1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the `class.ajax.php` file and limiting the use of the `check email` function until a patch is applied. Avoid using the `id` parameter in the edit registry action to "index.php" until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Turnkey PHP Live Helper versions 2.0.1 and earlier **Description** The issue allows remote attackers to overwrite arbitrary variables related to the db config file when register globals is enabled. This can be leveraged for code injection by overwriting the language file. **Recommendations** For Turnkey PHP Live Helper versions 2.0.1 and earlier, disable the register globals setting to prevent variable overwrite. Consider updating the configuration to prevent similar issues. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Turnkey PHP Live Helper versions 2.0.1 and earlier **Description** The issue is related to a lack of input sanitization in the `get` function in `global.php`, allowing remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `dep` parameter in `onlinestatus html.php`. **Recommendations** For Turnkey PHP Live Helper versions 2.0.1 and earlier, consider restricting access to the `onlinestatus html.php` file until a patch is available. As a temporary workaround, avoid using the `dep` parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Turnkey PHP Live Helper versions 2.0.1 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via the `test` parameter, and possibly other parameters, to the "chat.php" endpoint. **Recommendations** For Turnkey PHP Live Helper versions 2.0.1 and earlier, consider restricting access to the "chat.php" endpoint until a fix is available. As a temporary workaround, avoid using the `test` parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Lussumo Vanilla versions 1.1.4 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `NewPassword` parameter to "people.php". Additionally, remote authenticated users can inject arbitrary web script or HTML via the `Account picture` and `Icon` fields in "account.php". **Recommendations** For versions 1.1.4 and earlier, update to a version that addresses these issues, ensuring that the `NewPassword` parameter in "people.php" and the `Account picture` and `Icon` fields in "account.php" are properly sanitized to prevent arbitrary web script or HTML injection. As a temporary workaround, consider restricting access to the "people.php" and "account.php" pages until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Plogger versions 3.0 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands, potentially leading to data manipulation or extraction. This can be achieved through the `checked` array parameter to "plog-download.php" in an album action, and unspecified parameters to "plog-remote.php". Additionally, remote authenticated administrators can execute arbitrary SQL commands via the `activate` parameter to "admin/plog-themes.php", related to `theme dir` settings. **Recommendations** For Plogger versions 3.0 and earlier, update to a version later than 3.0 to resolve the issue. As a temporary workaround, consider restricting access to the "plog-download.php" and "plog-remote.php" scripts, and limiting administrative access to "admin/plog-themes.php" until a patch is available. Avoid using the `activate` parameter in "admin/plog-themes.php" and the `checked` array parameter in "plog-download.php" until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Gregarius versions 0.5.4 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `rsargs` array parameter in an `/ajax.php` endpoint, specifically in the ` exp getFeedContent` action. **Recommendations** For Gregarius versions 0.5.4 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ViArt Shop versions 3.5 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `category id` parameter in the products rss.php file. **Recommendations** For versions 3.5 and earlier, consider restricting access to the products rss.php file until a patch is available. As a temporary workaround, avoid using the `category id` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Qdig versions prior to 1.2.9.3 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `pre gallery` or `post gallery` parameters in index.php when register globals is enabled. **Recommendations** For versions prior to 1.2.9.3, update to version 1.2.9.3 or later to resolve the issue. As a temporary workaround, consider disabling the register globals setting to minimize the risk of exploitation. Avoid using the `pre gallery` and `post gallery` parameters in the affected index.php file until the issue is resolved.