Kerem125

Name of the Vulnerable Software and Affected Versions: Kartli Alisveris Sistemi (aka Free-PayPal-Shopping-Cart) version 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `news id` parameter in the "news.asp" file. Recommendations: For Kartli Alisveris Sistemi (aka Free-PayPal-Shopping-Cart) version 1.0, consider restricting access to the "news.asp" file or avoid using the `news id` parameter until a fix is available.

**Name of the Vulnerable Software and Affected Versions** RunawaySoft Haber portal version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the devami.asp file. **Recommendations** For RunawaySoft Haber portal version 1.0, avoid using the `id` parameter in the devami.asp file until the issue is resolved. Consider restricting access to the devami.asp file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RunawaySoft Haber portal version 1.0 **Description** The issue allows remote attackers to download a database due to insufficient access control of sensitive information stored under the web root. This can be achieved by making a direct request for data/xice.mdb. **Recommendations** For RunawaySoft Haber portal version 1.0, consider restricting access to the `data/xice.mdb` file to prevent unauthorized downloads until a proper fix is applied. As a temporary workaround, limit access to sensitive information stored under the web root.

**Name of the Vulnerable Software and Affected Versions** iG Shop version 1.4 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `type id[]` parameter in the "shop/page.php" endpoint. **Recommendations** For version 1.4, avoid using the `type id[]` parameter in the shop/page.php endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the shop/page.php endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BlogMe version 3.0 **Description** A SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands. This is achieved via the `var` parameter in the archshow.asp file. **Recommendations** For BlogMe version 3.0, consider restricting access to the archshow.asp file until a patch is available. As a temporary workaround, avoid using the `var` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** W1L3D4 Philboard version 0.2 **Description** A SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands. This is achieved via the `forumid` parameter in the W1L3D4 bolum.asp file. **Recommendations** For W1L3D4 Philboard version 0.2, avoid using the `forumid` parameter in the vulnerable W1L3D4 bolum.asp file until the issue is resolved. As a temporary workaround, consider restricting access to the W1L3D4 bolum.asp file to minimize the risk of exploitation.