Learn3R

**Name of the Vulnerable Software and Affected Versions** WX-Guestbook version 1.1.208 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `QUERY` parameter to the "search.php" endpoint and the `USERNAME` parameter to the "login.php" endpoint. **Recommendations** For WX-Guestbook version 1.1.208, consider restricting access to the `search.php` and `login.php` endpoints until a fix is available. As a temporary workaround, avoid using the `QUERY` and `USERNAME` parameters in these endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WX-Guestbook version 1.1.208 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `sName` parameter, also known as the name field. **Recommendations** For WX-Guestbook version 1.1.208, consider restricting access to the `sign.php` file until a patch is available, and avoid using the `sName` parameter in the affected endpoint.