Koller

**Name of the Vulnerable Software and Affected Versions** Wallpaper Site version 1.0.09 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `catid` parameter to "category.php" or the `groupid` parameter to "editadgroup.php". **Recommendations** For version 1.0.09, avoid using the `catid` parameter in the "category.php" endpoint and the `groupid` parameter in the "editadgroup.php" endpoint until the issue is resolved. Consider restricting access to these endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** phpMyRealty version 1.0.9 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the "type" parameter to the "search.php" endpoint, or for remote authenticated administrators, via the `listing updated days` parameter to the "admin/findlistings.php" endpoint. **Recommendations** For phpMyRealty version 1.0.9, consider restricting access to the "search.php" and "admin/findlistings.php" endpoints until a patch is available. As a temporary workaround, avoid using the `type` parameter in the "search.php" endpoint and the `listing updated days` parameter in the "admin/findlistings.php" endpoint. At the moment, there is no information about a newer version that contains a fix for this issue.