Lmaster

**Name of the Vulnerable Software and Affected Versions** Opial version 1.0 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `genres parent` parameter in the home.php file. This could potentially lead to unauthorized actions on the affected system. **Recommendations** For Opial version 1.0, avoid using the `genres parent` parameter in the home.php file until a fix is available. As a temporary workaround, consider restricting access to the home.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Opial version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `genres parent` parameter in the home.php file. **Recommendations** For Opial version 1.0, consider restricting access to the `genres parent` parameter in the home.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Opial version 1.0 **Description** The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension as a User Image, then accessing it via a request to the file in userimages, related to register.php. **Recommendations** For Opial version 1.0, consider restricting file uploads to only allow non-executable file extensions to prevent arbitrary code execution. As a temporary workaround, restrict access to the userimages directory to minimize the risk of exploitation.