Kacak

**Name of the Vulnerable Software and Affected Versions** MyDesign Sayac version 2.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `user` parameter (also known as the `UserName` field) or the `pass` parameter (also known as the `Pass` field) to specific API endpoints, such as (a) `admin/admin.asp` or (b) the default URI under `admin/`. **Recommendations** For MyDesign Sayac version 2.0, consider restricting access to the `admin/admin.asp` and default URI under `admin/` endpoints to minimize the risk of exploitation. Avoid using the `user` and `pass` parameters in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kolifa.net Download Script version 1.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "indir.php" file. **Recommendations** For Kolifa.net Download Script version 1.2, consider restricting access to the `id` parameter in the "indir.php" file to minimize the risk of exploitation. Avoid using the `id` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FacileForms (com facileforms) component version 1.4.4 for Mambo and Joomla! **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `ff compath` parameter in the facileforms.frame.php file. **Recommendations** For version 1.4.4, consider restricting access to the `facileforms.frame.php` file until a patch is available. Avoid using the `ff compath` parameter in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: phpRaider versions 1.0.7 through 1.0.7a Description: The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved via a URL in the `pConfig auth[phpbb path]` parameter in the authentication/phpbb3/phpbb3.functions.php file. Recommendations: For phpRaider versions 1.0.7 through 1.0.7a, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the `pConfig auth[phpbb path]` parameter in the affected file until a patch is available.