Mr.Tro0Oqy

**Name of the Vulnerable Software and Affected Versions** Netrix CMS version 1.0 **Description** The issue allows remote attackers to modify arbitrary pages. This is achieved through a direct request to the "admin/cikkform.php" endpoint using the `cid` parameter. **Recommendations** For Netrix CMS version 1.0, consider restricting access to the "admin/cikkform.php" endpoint to prevent unauthorized page modifications. As a temporary workaround, avoid using the `cid` parameter in this endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Moa Gallery versions 1.1.0 through 1.2.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `gallery id` parameter in a "gallery view" action. **Recommendations** For Moa Gallery versions 1.1.0 through 1.2.0, avoid using the `gallery id` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PHP Dir Submit (aka WebsiteSubmitter or Submitter Script) (affected versions not specified) **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `aid` parameter in a "showarticle" action in the index.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: DigitalSpinners DS CMS version 1.0 Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `nFileId` parameter in the DetailFile.php file. Recommendations: For DigitalSpinners DS CMS version 1.0, consider restricting access to the DetailFile.php file until a patch is available, and avoid using the `nFileId` parameter in this file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RS-CMS version 2.1 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `key` parameter in the rscms mod newsview.php file. **Recommendations** For RS-CMS version 2.1, consider restricting access to the rscms mod newsview.php file until a patch is available, and avoid using the `key` parameter in this file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Ascad Networks Password Protector SD version 1.3.1 Description: The issue allows remote attackers to bypass authentication and gain administrative access. This can be achieved by setting the `c7portal` and `cookname` cookies to "admin". Recommendations: For Ascad Networks Password Protector SD version 1.3.1, consider restricting access to administrative functions until a patch is available. As a temporary workaround, avoid using the `c7portal` and `cookname` cookies or restrict their modification to prevent unauthorized access.

Name of the Vulnerable Software and Affected Versions: PAD Site Scripts version 3.6 Description: The issue allows remote attackers to bypass authentication and gain privileges as other users, including administrative privileges. This is achieved by setting the `authuser` cookie parameter to a valid username. Recommendations: For PAD Site Scripts version 3.6, update the authentication mechanism to properly validate and handle the `authuser` cookie parameter to prevent unauthorized access. As a temporary workaround, consider implementing additional authentication checks to verify user identities before granting access.

Name of the Vulnerable Software and Affected Versions: TCPDB version 3.8 Description: The issue allows remote attackers to add admin accounts without requiring administrative authentication. This is due to a lack of proper authentication in the user/index.php file. Recommendations: For TCPDB version 3.8, consider restricting access to the user/index.php file until a patch is available, and ensure that all administrative actions are properly authenticated to prevent unauthorized access.

Name of the Vulnerable Software and Affected Versions: AGTC MyShop version 3.2b Description: The issue allows remote attackers to bypass authentication and obtain administrative access by setting the `log accept` cookie to "correcto." Recommendations: For AGTC MyShop version 3.2b, consider restricting access to administrative functions until a patch is available. As a temporary workaround, avoid using the `log accept` cookie or restrict its modification to prevent unauthorized access.