Liz0Zim

**Name of the Vulnerable Software and Affected Versions** Adult Script versions 1.6 and earlier **Description** The issue allows remote attackers to bypass authentication and obtain administrative credentials by sending a direct request. This can be leveraged for arbitrary code execution through a request to "admin/videolinks view.php". **Recommendations** For Adult Script versions 1.6 and earlier, update to a version later than 1.6 to resolve the issue. As a temporary workaround, consider restricting access to the "admin/videolinks view.php" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Sciurus Hosting Panel version 2.0.3 **Description** A direct static code injection issue exists, allowing remote attackers to inject arbitrary PHP code via the `filecontents` parameter in acp/savenews.php. This code can be executed by accessing includes/news.php. **Recommendations** For Sciurus Hosting Panel version 2.0.3, consider restricting access to the `filecontents` parameter in acp/savenews.php to minimize the risk of exploitation. Avoid using the `filecontents` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Article Script versions 1.6.3 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `category` parameter in the rss.php file. Recommendations: For Article Script versions 1.6.3 and earlier, avoid using the `category` parameter in the rss.php file until a fix is available. Consider restricting access to the rss.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Matt Wright Guestbook version 2.3.1 Description: A cross-site scripting (XSS) issue allows remote attackers to execute arbitrary web script or HTML via the `Your Name`, `E-Mail`, or `Comments` fields when posting a message. Recommendations: For Matt Wright Guestbook version 2.3.1, consider disabling the posting of messages until a patch is available to prevent exploitation of the XSS issue. Restrict access to the fields `Your Name`, `E-Mail`, and `Comments` to minimize the risk of arbitrary web script or HTML execution.

Name of the Vulnerable Software and Affected Versions: Shadowed Portal (affected versions not specified) Description: A cross-site scripting (XSS) issue exists in the Pages module of Shadowed Portal, allowing remote attackers to inject arbitrary web script or HTML via the `page` parameter to "load.php". Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Randshop (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `kategorieid` and `katid` parameters in the themes/kategorie/index.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.