Marc Castejon

**Name of the Vulnerable Software and Affected Versions** Itech Movie Portal Script version 7.36 **Description** A critical issue has been found in the software, affecting an unknown functionality of the file /show news.php. The manipulation of the `id` argument with a specific input leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Itech Movie Portal Script version 7.36, consider disabling the /show news.php file or restricting access to it until a patch is available. Avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Itech Movie Portal Script version 7.36 **Description** A problematic issue was found in the software, affecting some unknown functionality of the file /movie.php. The manipulation of the argument `f` with the input `<img src=i onerror=prompt(1)>` leads to basic cross site scripting (Reflected). This can be exploited remotely. **Recommendations** For Itech Movie Portal Script version 7.36, as a temporary workaround, consider restricting access to the /movie.php file until a patch is available. Avoid using the argument `f` in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Itech Movie Portal Script version 7.36 **Description** A critical issue has been found in the software, affecting the /movie.php file. The manipulation of the `f` argument leads to SQL injection (Union), allowing for remote attacks. The exploit has been publicly disclosed. **Recommendations** For Itech Movie Portal Script version 7.36, consider restricting access to the /movie.php file and avoid using the `f` argument until a patch is available. As a temporary workaround, restrict the use of the SQL query function that handles the `f` argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Itech Movie Portal Script version 7.36 **Description** A critical issue was discovered, affecting the /artist-display.php file. The `act` argument is vulnerable to SQL injection (Union) attacks, which can be initiated remotely. **Recommendations** For Itech Movie Portal Script version 7.36, consider restricting access to the /artist-display.php file until a fix is available, and avoid using the `act` argument in this context to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Itech Movie Portal Script version 7.36 **Description** A critical issue has been found in the processing of the file /film-rating.php. The manipulation of the argument `v` leads to sql injection, which can result in an error. This issue can be exploited remotely. **Recommendations** For Itech Movie Portal Script version 7.36, as a temporary workaround, consider restricting access to the /film-rating.php file until a patch is available. Additionally, avoid using the argument `v` in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.