Kaan Kamis

**Name of the Vulnerable Software and Affected Versions** Itech Auction Script version 6.49 **Description** A critical issue has been identified, affecting the /mcategory.php file. The `mcid` argument is vulnerable to manipulation, allowing for SQL injection (Blind) attacks when input such as `4' AND 1734=1734 AND 'Ggks'='Ggks` is used. This issue can be exploited remotely. **Recommendations** For Itech Auction Script version 6.49, consider restricting access to the /mcategory.php file or disabling the `mcid` argument until a fix is available. As a temporary workaround, avoid using the `mcid` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Itech Real Estate Script version 3.12 **Description** A critical issue affects an unknown functionality of the file /real-estate-script/search property.php. The manipulation of the `property for` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For Itech Real Estate Script version 3.12, consider restricting access to the /real-estate-script/search property.php file until a patch is available. As a temporary workaround, avoid using the `property for` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Itech News Portal version 6.28 **Description** A critical issue has been identified, affecting an unknown function of the file /news-portal-script/information.php. The manipulation of the `inf` argument leads to SQL injection, allowing for remote attacks. The exploit has been publicly disclosed and may be used. **Recommendations** For Itech News Portal version 6.28, consider restricting access to the /news-portal-script/information.php file until a patch is available. As a temporary workaround, avoid using the `inf` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Itech Multi Vendor Script version 6.49 **Description** A critical issue affects the processing of the file /multi-vendor-shopping-script/product-list.php, where the manipulation of the `pl` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** For Itech Multi Vendor Script version 6.49, consider restricting access to the /multi-vendor-shopping-script/product-list.php file until a patch is available. As a temporary workaround, avoid using the `pl` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Itech Job Portal Script version 9.13 **Description** A critical issue was found in the software, affecting an unknown part of the file /admin, leading to improper authentication. The manipulation can be initiated remotely. **Recommendations** For Itech Job Portal Script version 9.13, as a temporary workaround, consider restricting access to the /admin file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Itech Freelancer Script version 5.13 **Description** A critical issue has been found in the software, affecting some unknown functionality of the file /category.php. The manipulation of the `sk` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For Itech Freelancer Script version 5.13, consider restricting access to the /category.php file until a patch is available. As a temporary workaround, avoid using the `sk` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Itech Dating Script version 3.26 **Description** A critical issue was found in the file /see more details.php, where the manipulation of the `id` argument leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Itech Dating Script version 3.26, consider restricting access to the /see more details.php file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Itech Classifieds Script version 7.27 **Description** A critical issue has been discovered, allowing for SQL injection through the manipulation of the `scat` argument in the `/subpage.php` file with a specific input. This can be exploited remotely. The issue has been publicly disclosed and may be used for attacks. **Recommendations** For Itech Classifieds Script version 7.27, consider restricting access to the `/subpage.php` file or disabling the unknown function that handles the `scat` argument until a patch is available. Avoid using the `scat` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Itech B2B Script version 4.28 **Description** A critical issue affects the processing of the file /catcompany.php. The manipulation of the `token` argument with a specific input leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Itech B2B Script version 4.28, consider restricting access to the /catcompany.php file until a patch is available. As a temporary workaround, avoid using the `token` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** LogoStore (affected versions not specified) **Description** A critical issue has been identified, allowing for SQL injection through the manipulation of the `query` argument in the /LogoStore/search.php file. This can be achieved by providing a specific input, such as ' UNION ALL SELECT CONCAT(CONCAT('qqkkq','VnPVWVaYxljWqGpLLbEIyPIHBjjjjASQTnaqfKaV'),'qvvpq'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- oCrh&search=. The attack can be launched remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.