Kamtiez

**Name of the Vulnerable Software and Affected Versions** com alameda component versions prior to 1.0.1 for Joomla! **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `storeid` parameter to the "index.php" endpoint. **Recommendations** For versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "index.php" endpoint or avoiding the use of the `storeid` parameter until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** com gbufacebook version 1.0.5 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `face id` parameter in a `show face` action to the "index.php" endpoint. **Recommendations** For version 1.0.5, avoid using the `face id` parameter in the "index.php" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the `show face` action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomdle (com joomdle) version 0.24 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `course id` parameter in a detail action to "index.php". **Recommendations** For Joomdle (com joomdle) version 0.24 and earlier, consider updating to a version later than 0.24 to resolve the issue. As a temporary workaround, restrict access to the "index.php" endpoint to minimize the risk of exploitation. Avoid using the `course id` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Joomla! component com javoice version 2.0 **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the `view` parameter to the "index.php" endpoint. **Recommendations** For version 2.0, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the `view` parameter in the "index.php" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** JTM Reseller (com jtm) component version 1.9 Beta for Joomla! **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `author` parameter in a search action to the "index.php" endpoint. **Recommendations** For JTM Reseller (com jtm) component version 1.9 Beta, consider restricting access to the `author` parameter in the search action to minimize the risk of exploitation. Avoid using the `author` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AudiStat version 1.3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `mday` parameter in the "index.php" file. **Recommendations** For AudiStat version 1.3, avoid using the `mday` parameter in the index.php file until the issue is resolved. Consider restricting access to the index.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** phpunity.newsmanager version (affected versions not specified) **Description** The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the `id` parameter in the misc/tell a friend/tell.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** com dms version 2.5.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `category id` parameter in a 'view category' action to 'index.php'. **Recommendations** For version 2.5.1, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the 'view category' action in 'index.php' to minimize the risk of exploitation. Avoid using the `category id` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Katalog Stron Hurricane versions 1.3.5 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `get` parameter in the index.php file. **Recommendations** For versions 1.3.5 and earlier, update to a version that fixes this issue, if available. As a temporary workaround, consider restricting access to the index.php file to minimize the risk of exploitation. Avoid using the `get` parameter in the index.php file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Katalog Stron Hurricane version 1.3.5 and possibly earlier **Description** The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved by providing a URL in the `includes directory` parameter. **Recommendations** For version 1.3.5 and possibly earlier, disable the register globals setting to prevent exploitation. Additionally, restrict access to the includes/moderation.php file until a fix is available. Avoid using the `includes directory` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** JPhoto (com jphoto) component version 1.0 for Joomla! **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter in a "category" action to "index.php". This can lead to unauthorized access and manipulation of database content. **Recommendations** For JPhoto (com jphoto) component version 1.0, avoid using the `id` parameter in the affected API endpoint until the issue is resolved. Consider restricting access to the "index.php" endpoint with a "category" action to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! component com jsjobs version 1.0.5.6 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via two parameters: the `md` parameter in an employer view company action to "index.php" or the `oi` parameter in an employer view job action to "index.php". **Recommendations** For version 1.0.5.6, consider restricting access to the employer view company and view job actions in index.php until a patch is available. As a temporary workaround, avoid using the `md` and `oi` parameters in the respective actions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Green Desktiny versions 2.3.1 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the news detail.php file. **Recommendations** For Green Desktiny versions 2.3.1 and earlier, consider restricting access to the news detail.php file until a patch is available. As a temporary workaround, avoid using the `id` parameter in the news detail.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CodeMight VideoCMS version 3.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `v` parameter in a "video action" within the index.php file. **Recommendations** For CodeMight VideoCMS version 3.1, consider restricting access to the `v` parameter in the index.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the `v` parameter in video actions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! component com surveymanager version 1.5.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `stype` parameter in an `editsurvey` action to `index.php`. **Recommendations** For version 1.5.0, avoid using the `stype` parameter in the `editsurvey` action to `index.php` until the issue is resolved. As a temporary workaround, consider restricting access to the `editsurvey` action in `index.php` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** JBudgetsMagic (com jbudgetsmagic) versions 0.3.2 through 0.4.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `bid` parameter in a 'mybudget' action to "index.php". **Recommendations** For versions 0.3.2 through 0.4.0, avoid using the `bid` parameter in the 'mybudget' action to "index.php" until a fix is available. Consider restricting access to the 'mybudget' action in "index.php" to minimize the risk of exploitation.