Laurent Gaffi

**Name of the Vulnerable Software and Affected Versions** w-Agora (Web-Agora) (affected versions not specified) **Description** The issue allows remote attackers to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the `search forum` or `search user` parameter, which force a SQL error. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Web-Agora (affected versions not specified) **Description** The issue allows remote attackers to upload and execute arbitrary PHP code. This can be achieved in two ways: (1) by attaching a file to a forum message, which is then stored under forums/hello/hello/notes/, or (2) by using the "browse avatar.php" endpoint to upload a file with a double extension, such as ".php.jpg". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** w-Agora (Web-Agora) (affected versions not specified) **Description** The issue allows remote attackers to obtain sensitive information via various requests to different PHP files, including rss.php, index.php, profile.php, and search.php, with specific parameter values or empty parameters, such as `site`, `bn`, `site[]`, `sort[]`, `pattern[]`, or `search date[]`. These requests can reveal the path in error messages, possibly due to variable type inconsistencies. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** shopkitplus (affected versions not specified) **Description** The issue allows remote attackers to obtain sensitive information via specific requests. This can be done by sending a request to events.php with a curmonth[]=01 query string or to enc/stylecss.php with a changetheme[]= query string. These requests can reveal the path in various error messages. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ahmet Sacan Pickle versions prior to 20070301 **Description** The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the `file` parameter of the "download.php" script. **Recommendations** For versions prior to 20070301, consider restricting access to the download.php script until a fix is available, or apply a workaround to sanitize the `file` parameter to prevent directory traversal attacks.

Name of the Vulnerable Software and Affected Versions: Portix-PHP version 0.4.2 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the `titre` or `auteur` field in a forum post, potentially leading to cross-site scripting (XSS) attacks. Recommendations: For Portix-PHP version 0.4.2, as a temporary workaround, consider restricting user input in the `titre` and `auteur` fields to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Portix-PHP version 0.4.2 Description: The issue allows remote attackers to execute arbitrary SQL commands via the `username` and `passwd` fields in the login component. Recommendations: For Portix-PHP version 0.4.2, update to a version that fixes the SQL injection vulnerability in the login component.

Name of the Vulnerable Software and Affected Versions: bitweaver versions 1.3.1 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `tk` parameter in the newsletters/edition.php file. Recommendations: For bitweaver versions 1.3.1 and earlier, consider restricting access to the newsletters/edition.php file until a patch is available. As a temporary workaround, avoid using the `tk` parameter in the affected file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: bitweaver versions 1.3.1 and earlier Description: The issue allows remote attackers to obtain sensitive information by forcing a SQL error through specific API endpoints, including "blogs/list blogs.php", "fisheye/index.php", "wiki/orphan pages.php", and "wiki/list pages.php", when a `sort mode` query string is set to -98. Recommendations: For bitweaver versions 1.3.1 and earlier, as a temporary workaround, consider restricting access to the affected API endpoints until a patch is available. Avoid using the `sort mode` parameter with a value of -98 in the affected endpoints to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Rialto version 1.6 Description: The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the `cat` parameter to "listmain.asp" or "searchmain.asp", the `Keyword` parameter to "searchkey.asp", or the `refno` parameter to "forminfo.asp". Recommendations: For Rialto version 1.6, as a temporary workaround, consider restricting access to the vulnerable parameters `cat`, `Keyword`, and `refno` in their respective API endpoints until a patch is available. Avoid using these parameters in the affected API endpoints "listmain.asp", "searchmain.asp", "searchkey.asp", and "forminfo.asp" until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Rapid Classified version 3.1 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "viewad.asp" file. Recommendations: For Rapid Classified version 3.1, consider restricting access to the `id` parameter in the "viewad.asp" file until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: bitweaver versions 1.3.1 and earlier Description: The issue allows remote attackers to inject arbitrary web script or HTML via specific fields, including the message title field when submitting an article to "articles/edit.php", the message title field when submitting a blog post to "blogs/post.php", or the message description field when editing in the Sandbox in "wiki/edit.php". Recommendations: For bitweaver versions 1.3.1 and earlier, update to a version later than 1.3.1 to resolve the issue. As a temporary workaround, consider restricting user input in the message title fields and the message description field in the Sandbox to minimize the risk of exploitation. Avoid using the affected API endpoints "articles/edit.php", "blogs/post.php", and "wiki/edit.php" with unvalidated user input until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Rialto version 1.6 Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via various parameters in different API endpoints, including: - the `uname` (username) and `pword` (passwd) fields in "admin/default.asp"; - the `ID` parameter to "listfull.asp" or "printmain.asp"; - the `cat` parameter to "listmain.asp", "searchoption.asp", or "searchmain.asp"; - the `Keyword` parameter to "searchkey.asp"; - the `area` parameter to "searchmain.asp" or "searchoption.asp"; - the `searchin` parameter to "searchkey.asp"; - the `cost1`, `cost2`, `acreage1`, or `squarefeet1` parameters to "searchoption.asp". Recommendations: For Rialto version 1.6, consider disabling the SQL execution functionality until a patch is available. Restrict access to the mentioned API endpoints to minimize the risk of exploitation. Avoid using the specified parameters in the affected endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PWP Technologies The Classified Ad System (affected versions not specified) Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `cat` or `main` parameter in the default.asp file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MGinternet Property Site Manager (affected versions not specified) Description: The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `s` parameter in the listings.asp file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Infinitytechs Restaurants CM (affected versions not specified) **Description** The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This can be achieved through specific parameters in different ASP files, including the `id` parameter in "rating.asp", the `mealid` parameter in "meal rest.asp", and the `resid` parameter in "res details.asp". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ASPMForum (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via several parameters, including `soruid` in "forum2.asp", `ak` in "kullanicilistesi.asp", `kelimeler` in "aramayap.asp", and `kullaniciadi` in "giris.asp". Additionally, remote authenticated users can execute arbitrary SQL commands via the `mesajno` parameter in "mesajkutum.asp". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Vikingboard version 0.1.2 **Description** The issue allows remote attackers to trigger a forced SQL error via an invalid `s` parameter in the members.php file. This might only be an exposure if display errors is enabled. **Recommendations** For Vikingboard version 0.1.2, consider disabling the display of error messages to minimize the risk of exploitation. Restrict access to the members.php file to prevent remote attackers from triggering SQL errors. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Vikingboard version 0.1.2 **Description** The issue allows remote authenticated administrators to include arbitrary files via a .. (dot dot) sequence in the `act` parameter of the admin.php file. **Recommendations** For Vikingboard version 0.1.2, consider restricting access to the admin.php file to prevent exploitation, and avoid using the `act` parameter with unvalidated input until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Enthrallweb eClassifieds (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in several parameters, including `AD ID`, `cat id`, `sub id`, and `ad id` in the "ad.asp" endpoint, the `cid` parameter in the "dircat.asp" endpoint, and the `sid` parameter in the "dirSub.asp" endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.