Megasky

**Name of the Vulnerable Software and Affected Versions** OpenBB version 1.0.8 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. The issue is exploited via the `TID` parameter in the "read.php" file. **Recommendations** For OpenBB version 1.0.8, avoid using the `TID` parameter in the read.php file until a fix is available. Consider restricting access to the read.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenBB version 1.0.8 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `reverse` parameter in a "list" action. **Recommendations** For OpenBB version 1.0.8, update to a version that fixes this issue.

**Name of the Vulnerable Software and Affected Versions** PHPMyChat version 0.14.5 **Description** The issue allows remote attackers to inject arbitrary web script or HTML commands via the `FontName` parameter in certain PHP files, specifically `start page.css.php3` (also known as `start-page.css.php3`) or `style.css.php3`. **Recommendations** For PHPMyChat version 0.14.5, consider restricting access to the `FontName` parameter in the affected PHP files until a patch is available. As a temporary workaround, avoid using the `FontName` parameter in the vulnerable API endpoints or files.

**Name of the Vulnerable Software and Affected Versions** WowBB versions 1.6 through 1.62 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `sort by` parameter in the view user.php file. **Recommendations** For WowBB versions 1.6 through 1.62, avoid using the `sort by` parameter in the view user.php file until a fix is available. As a temporary workaround, consider restricting access to the view user.php file to minimize the risk of exploitation.