Jdc

**Name of the Vulnerable Software and Affected Versions** Joomla! GCalendar (com gcalendar) version 2.1.5 **Description** A directory traversal issue exists in the GCalendar component for Joomla!, allowing remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `controller` parameter to the "index.php" endpoint. **Recommendations** For version 2.1.5, consider restricting access to the GCalendar component until a patch is available. As a temporary workaround, avoid using the `controller` parameter in the "index.php" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! TurtuShout component version 0.11 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `Name` field, potentially leading to unauthorized data access or modification. **Recommendations** For version 0.11 of the TurtuShout component, consider disabling the component until a patch is available to prevent exploitation. Restrict access to the `Name` field in the TurtuShout component to minimize the risk of SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** AlphaUserPoints (com alphauserpoints) version 1.5.2 for Joomla! **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `username2points` parameter in the frontend/assets/ajax/checkusername.php file. **Recommendations** For AlphaUserPoints (com alphauserpoints) version 1.5.2, avoid using the `username2points` parameter in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Joomla! component com livechat version 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in the Live Chat component, specifically via the last parameter to the following API endpoints: "getChat.php", "getChatRoom.php", and "getSavedChatRooms.php". Recommendations: For version 1.0 of the com livechat component, consider disabling the affected API endpoints "getChat.php", "getChatRoom.php", and "getSavedChatRooms.php" until a patch is available to prevent exploitation.

Name of the Vulnerable Software and Affected Versions: Joomla Live Chat (com livechat) component version 1.0 Description: The issue allows remote attackers to utilize the xmlhttp.php script as an open HTTP proxy. This can be exploited to hide network scanning activities or to scan internal networks by sending a GET request with a full URL in the query string. Recommendations: For version 1.0, consider disabling the xmlhttp.php script until a patch is available to prevent its use as an open HTTP proxy. Restrict access to this script to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Joomla! component com livechat version 1.0 Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the last parameter to "getChatRoom.php". Recommendations: For version 1.0, consider restricting access to the "getChatRoom.php" endpoint until a patch is available. Avoid using the last parameter in the affected endpoint to minimize the risk of exploitation.