Jesper Jurcenoks

**Name of the Vulnerable Software and Affected Versions** myBloggie version 2.1.6 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `user id` parameter in a "viewuser" action to "index.php", and also allows remote authenticated administrators to execute arbitrary SQL commands via the `post id` parameter in an "edit" action to "admin.php". **Recommendations** For myBloggie version 2.1.6, update to a version that fixes the SQL injection vulnerabilities. As a temporary workaround, consider restricting access to the "viewuser" action in "index.php" and the "edit" action in "admin.php" to minimize the risk of exploitation. Avoid using the `user id` and `post id` parameters in the affected API endpoints until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: myBloggie version 2.1.6 Description: A cross-site request forgery (CSRF) issue exists, allowing remote attackers to perform actions as administrators. This can potentially be used to execute SQL commands. Recommendations: For version 2.1.6, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Farsi Script (aka FaScript) FaName version 1.0 **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the `key` or `desc` parameter to "index.php", or the `name` parameter to "page.php". **Recommendations** For Farsi Script (aka FaScript) FaName version 1.0, avoid using the `key`, `desc`, and `name` parameters in the affected API endpoints until the issue is resolved. Restrict access to the vulnerable "index.php" and "page.php" files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Farsi Script (aka FaScript) FaName version 1.0 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter in the class/page.php file. **Recommendations** For Farsi Script (aka FaScript) FaName version 1.0, consider restricting access to the `id` parameter in the class/page.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** FaName version 1.0 **Description** The issue allows remote attackers to obtain sensitive information via a '; (quote semicolon) sequence in the `id` parameter. This sequence reveals the installation path in an error message. **Recommendations** For FaName version 1.0, as a temporary workaround, consider restricting access to the `class/page.php` file until a patch is available. Avoid using the `id` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** myBloggie version 2.1.6 **Description** The issue allows remote attackers to obtain sensitive information. This can be achieved through several methods: - by providing an invalid year parameter to "calendar.php", which can be reached through "index.php", - by making a direct request to "common.php", - or by including a `mode` array parameter in the query string to "login.php". These actions can reveal the installation path in various error messages. **Recommendations** For myBloggie version 2.1.6, consider restricting access to "calendar.php", "common.php", and "login.php" to minimize the risk of exploitation. As a temporary workaround, avoid using the `mode` array parameter in the query string to "login.php" until the issue is resolved. Additionally, validate user input, especially the year parameter to "calendar.php", to prevent the disclosure of sensitive information.

**Name of the Vulnerable Software and Affected Versions** SimpNews version 2.41.03 **Description** The issue allows remote attackers to obtain sensitive information via a certain `link date` parameter to "events.php", which reveals the path in an error message due to an unsupported argument type for the `mktime` function on Windows. This occurs when PHP before version 5.0.0 is used. **Recommendations** For SimpNews version 2.41.03, consider updating PHP to version 5.0.0 or later to resolve the issue. As a temporary workaround, restrict access to the "events.php" endpoint to minimize the risk of exploitation. Avoid using the `link date` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SimpGB version 1.46.02 **Description** The issue allows remote attackers to obtain sensitive configuration information and download arbitrary files due to insufficient access control. This can be achieved by making a direct request for specific files, such as `admin/cfginfo.php` for configuration information, and other `.inc` files, for example, `admin/includes/dbtables.inc`. **Recommendations** For SimpGB version 1.46.02, consider restricting direct access to sensitive files such as `admin/cfginfo.php` and `.inc` files under the `admin/includes` directory until a proper fix is available. As a temporary workaround, restrict access to the `admin` directory to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: SimpNews version 2.41.03 Description: The issue allows remote attackers to obtain sensitive information. This can be achieved via an invalid `lang` parameter to the "admin/index.php" endpoint, or by making a direct request to the "admin/dbg infos.php", "admin/heading.php", or "evsearch.php" endpoints. These actions reveal the path in various error messages. Recommendations: For SimpNews version 2.41.03, consider restricting access to the "admin/dbg infos.php", "admin/heading.php", and "evsearch.php" endpoints to minimize the risk of exploitation. Avoid using an invalid `lang` parameter in the "admin/index.php" endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Calendarix version 0.7.20070307 Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `month` and `year` parameters to "calendar.php" and the `search string` to "cal search.php" when `magic quotes gpc` is disabled. Recommendations: For Calendarix version 0.7.20070307, consider disabling the execution of SQL commands via the `month` and `year` parameters to "calendar.php" and the `search string` to "cal search.php" until a patch is available. Additionally, enabling `magic quotes gpc` can help mitigate the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Calendarix version 0.7.20070307 Description: The issue allows remote attackers to inject arbitrary web script or HTML via specific parameters. This is possible when register globals is enabled. The vulnerable parameters include `year` and `month` in "calendar.php", and `leftfooter` in "cal footer.inc.php". Recommendations: For Calendarix version 0.7.20070307, consider disabling the register globals setting to mitigate the risk of exploitation. Additionally, restrict access to the vulnerable parameters `year`, `month`, and `leftfooter` in the respective files until a patch is available.

Name of the Vulnerable Software and Affected Versions: WSPortal version 1.0 Description: A SQL injection issue exists in the content.php file of WSPortal, allowing remote attackers to execute arbitrary SQL commands when magic quotes gpc is disabled. This is achieved by manipulating the `page` parameter. Recommendations: For WSPortal version 1.0, consider disabling the `content.php` file or restricting access to it until a patch is available. Additionally, enabling magic quotes gpc can help mitigate this issue.

Name of the Vulnerable Software and Affected Versions: WSPortal version 1.0 Description: The issue allows remote attackers to obtain sensitive information by exploiting a vulnerability in the content.php file. This is achieved by sending a specific sequence of characters, including a quote and a semicolon, in the page parameter when magic quotes gpc is disabled. The attack reveals the installation path in the resulting SQL error message. Recommendations: For WSPortal version 1.0, consider enabling magic quotes gpc to prevent the exploitation of this issue. As a temporary workaround, restrict access to the content.php file to minimize the risk of sensitive information disclosure. Avoid using user-supplied input in the page parameter until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jetbox CMS version 2.1 **Description** The issue allows remote attackers to obtain sensitive information. This can be achieved through a direct request to certain PHP files, such as `main page.php`, `open tree.php`, and `outputs.php`. Additionally, a malformed `view` parameter to `index.php` can be used, potentially allowing SQL injection manipulation. The `id[]` parameter to `admin/cms/opentree.php` can also reveal the installation path in the resulting error message. **Recommendations** For Jetbox CMS version 2.1, consider restricting access to the `main page.php`, `open tree.php`, and `outputs.php` files, as well as validating and sanitizing the `view` parameter in `index.php` to prevent SQL injection. Also, restrict the use of the `id[]` parameter in `admin/cms/opentree.php` to minimize the risk of path disclosure.

Name of the Vulnerable Software and Affected Versions: Jetbox CMS version 2.1 Description: The issue allows remote attackers to send arbitrary e-mails, potentially leading to spam, by modifying certain parameters. Specifically, this involves the `recipient`, ` SETTINGS[allowed email hosts][]`, and `subject` parameters in the formmail.php file. Recommendations: For Jetbox CMS version 2.1, consider restricting access to the formmail.php file or disabling the functionality that allows modification of the `recipient`, ` SETTINGS[allowed email hosts][]`, and `subject` parameters to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: SonicBB version 1.0 Description: The issue allows remote attackers to obtain sensitive information. This is achieved via the `by[]` parameter to "search.php", the `p[]` parameter to "viewforum.php", and the `id` parameter to either "viewforum.php" or "members.php". The installation path is revealed in the resulting error message. Recommendations: For SonicBB version 1.0, as a temporary workaround, consider restricting access to the "search.php", "viewforum.php", and "members.php" scripts until a patch is available. Avoid using the `by[]` and `p[]` parameters in the affected API endpoints, and restrict the use of the `id` parameter in "viewforum.php" and "members.php" to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: SonicBB version 1.0 Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `part` parameter in the "search.php" endpoint. Recommendations: For SonicBB version 1.0, consider restricting access to the `search.php` endpoint until a fix is available, and avoid using the `part` parameter to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: SonicBB version 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `part` and `by` parameters to the "search.php" endpoint, or the `id` parameter to the "viewforum.php" endpoint. Recommendations: For SonicBB version 1.0, consider restricting access to the "search.php" and "viewforum.php" endpoints until a patch is available. As a temporary workaround, avoid using the `part`, `by`, and `id` parameters in these endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Advanced Guestbook version 2.4.2 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `picture` parameter in the "picture.php" file. **Recommendations** For Advanced Guestbook version 2.4.2, consider restricting access to the "picture.php" file until a patch is available, and avoid using the `picture` parameter in this file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** UseBB versions prior to 1.0.6 **Description** The issue allows remote attackers to obtain sensitive information by sending a request with unspecified GET or POST parameters to an unspecified script. This request reveals the path in an error message, potentially exposing sensitive information. **Recommendations** For versions prior to 1.0.6, update to version 1.0.6 or later to resolve the issue.