Jannik Vieten

**Name of the Vulnerable Software and Affected Versions** BACKCLICK Professional version 5.9.63 **Description** An issue was discovered due to insufficient escaping of user-supplied input, making the application vulnerable to SQL injection at various locations. **Recommendations** For BACKCLICK Professional version 5.9.63, consider restricting user input to prevent SQL injection attacks until a patch is available. As a temporary workaround, ensure proper input validation and sanitization to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BACKCLICK Professional version 5.9.63 **Description** An issue was discovered in the newsletter sign-up functionality due to the use of consecutive IDs in verification links. This allows for the enumeration of subscribers' e-mail addresses. Furthermore, it is possible to subscribe and verify other persons' e-mail addresses to newsletters without their consent. **Recommendations** For version 5.9.63, consider implementing random or non-sequential IDs in verification links to prevent enumeration of subscribers' e-mail addresses. Additionally, restrict the ability to subscribe and verify e-mail addresses to prevent unauthorized access. As a temporary workaround, consider disabling the newsletter sign-up functionality until a patch is available.