Muuratsalo

**Name of the Vulnerable Software and Affected Versions** F*EX (aka fex) versions prior to 20111129-2 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `to` or `from` parameters, potentially leading to cross-site scripting (XSS) attacks. **Recommendations** For versions prior to 20111129-2, update to version 20111129-2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Frams' Fast File EXchange (F*EX, aka fex) versions prior to 20120215 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `id` parameter. This can lead to the execution of malicious scripts on the client-side. **Recommendations** For versions prior to 20120215, update to version 20120215 or later to resolve the issue. As a temporary workaround, consider restricting access to the `id` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OrderSys versions 1.6.4 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `where clause` parameter to API endpoints such as "index.php", "index long.php", or "index short.php" in the "ordering/interface creator/" directory. **Recommendations** For OrderSys versions 1.6.4 and earlier, as a temporary workaround, consider restricting access to the `where clause` parameter in the affected API endpoints until a patch is available. Avoid using the `where clause` parameter in the "index.php", "index long.php", or "index short.php" endpoints in the "ordering/interface creator/" directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Blogs Manager versions 1.101 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `SearchField` parameter in a search action to various API endpoints, including " authors list.php", " blogs list.php", " category list.php", " comments list.php", " policy list.php", " rate list.php", "categoriesblogs list.php", "chosen authors list.php", "chosen blogs list.php", "chosen comments list.php", and "help list.php" in the "blogs/" directory. **Recommendations** For Blogs Manager versions 1.101 and earlier, as a temporary workaround, consider restricting access to the `SearchField` parameter in the affected API endpoints until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Freelancer calendar version 1.01 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `SearchField` parameter in a search action to several API endpoints, including "category list.php", "Copy of calendar list.php", "customer statistics list.php", "customer list.php", and "task statistics list.php" in the worldcalendar directory. **Recommendations** For Freelancer calendar version 1.01 and earlier, as a temporary workaround, consider restricting access to the vulnerable API endpoints until a patch is available. Avoid using the `SearchField` parameter in search actions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Valid tiny-erp versions 1.6 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `SearchField` parameter in a search action to several API endpoints, including "/ partner list.php", "/proioncategory list.php", "/ rantevou list.php", "/syncategory list.php", "/synallasomenos list.php", "/ypelaton list.php", and "/yproion list.php". **Recommendations** For versions 1.6 and earlier, consider restricting access to the vulnerable API endpoints until a patch is available. As a temporary workaround, avoid using the `SearchField` parameter in search actions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** mini-pub version 0.3 **Description** The issue allows remote attackers to execute arbitrary commands. This is achieved by injecting shell metacharacters into the `sFileName` argument in the `/front-end/cat.php` file of mini-pub. **Recommendations** For mini-pub version 0.3, consider restricting access to the `/front-end/cat.php` file until a patch is available, and avoid using the `sFileName` argument with untrusted input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** mini-pub version 0.3 **Description** The issue allows remote attackers to read arbitrary files via a full pathname in the `sFileName` parameter in the mini-pub.php/front-end/cat.php file. **Recommendations** For mini-pub version 0.3, avoid using the `sFileName` parameter in the affected file until the issue is resolved. Consider restricting access to the mini-pub.php/front-end/cat.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** mini-pub version 0.3 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `sFileName` parameter in the mini-pub.php/front-end/img.php file. **Recommendations** For mini-pub version 0.3, avoid using the `sFileName` parameter in the affected API endpoint until the issue is resolved. Consider restricting access to the mini-pub.php/front-end/img.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Travelsized CMS version 0.4.1 **Description** The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `page id` and `language` parameters in index.php. **Recommendations** For Travelsized CMS version 0.4.1, consider restricting access to the `page id` and `language` parameters in the index.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Public Warehouse LightBlog version 9.6 **Description** The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `username` parameter in the view member.php file. This is a directory traversal vulnerability. **Recommendations** For Public Warehouse LightBlog version 9.6, consider restricting access to the view member.php file until a patch is available, and avoid using the `username` parameter with untrusted input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Scribe version 0.2 **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary local files. This is achieved by using a .. (dot dot) in the `page` parameter of the index.php file. **Recommendations** For Scribe version 0.2, consider restricting access to the index.php file until a patch is available, or apply configuration changes to prevent directory traversal attacks, such as validating and sanitizing the `page` parameter to prevent .. (dot dot) sequences.

**Name of the Vulnerable Software and Affected Versions** BanPro DMS version 1.0 **Description** The issue allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the `action` parameter in the "DMS/index.php" file. This can lead to the execution of malicious code. **Recommendations** For BanPro DMS version 1.0, consider restricting access to the `action` parameter in the "DMS/index.php" file to prevent directory traversal attacks. As a temporary workaround, avoid using the `action` parameter with untrusted input until a patch is available.

**Name of the Vulnerable Software and Affected Versions** artmedic webdesign weblog version 1.0 **Description** The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This occurs when magic quotes gpc is disabled, and an attacker uses a .. (dot dot) in specific parameters. The affected parameters include the `ta` parameter to "artmedic index.php", which can be reached through "index.php", and the `date` parameter to "artmedic print.php". **Recommendations** For artmedic webdesign weblog version 1.0, consider disabling the `ta` and `date` parameters in the affected API endpoints until a patch is available. Restrict access to "artmedic index.php" and "artmedic print.php" to minimize the risk of exploitation. Enable magic quotes gpc to prevent directory traversal attacks.

**Name of the Vulnerable Software and Affected Versions** sflog! version 0.96 **Description** The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the `permalink` or `section` parameter to "index.php", possibly involving includes/entries.inc.php and other files included by index.php. **Recommendations** For sflog! version 0.96, consider restricting access to the "index.php" endpoint to minimize the risk of exploitation, and avoid using the `permalink` and `section` parameters until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nilson's Blogger version 0.11 **Description** The issue allows remote attackers to include and execute arbitrary local files via directory traversal vulnerabilities. This can be achieved by using a .. (dot dot) in the `permalink` parameter in `core.php`, accessed through `index.php`, and the `thispost` parameter in `comments.php`. **Recommendations** For Nilson's Blogger version 0.11, as a temporary workaround, consider restricting access to the `core.php` and `comments.php` files until a patch is available. Avoid using the `permalink` and `thispost` parameters in the affected API endpoints until the issue is resolved.