
Negator

Rank #17,809 of 53,619 · Total CVSS 15.1
Vulnerabilities: 2 (Critical: 1, Medium: 1)
PT-2023-9990 · CVSS 9.8 · 2023-04-25
Arc2 · Arc2 · CVE-2012-5872
**Name of the Vulnerable Software and Affected Versions** ARC (aka ARC2) through 2011-12-01

**Description** Blind SQL injection in the `getTriplePatternSQL` function of `ARC2_StoreSelectQueryHandler.php`. ARC2 translates the triple patterns of a SPARQL WHERE clause into SQL for its backing store; comments placed inside the WHERE clause are not handled safely during that translation, so a client who can submit SPARQL queries can influence the generated SQL. The attacker gets no direct query output, hence "blind", but can still infer data or alter the store through the database.

**Recommendations** For ARC (aka ARC2) through 2011-12-01, until a fixed release is available: do not expose the SPARQL endpoint to untrusted clients; reject or strip `#` comments from incoming queries before they reach the store, taking care not to touch `#` inside string literals and IRIs (for example `<http://example.org/ns#Person>`); run the store's database account with the minimum privileges it needs, read-only where the deployment allows, so an injected statement cannot reach other tables; and log queries that contain comments so exploitation attempts are visible.
PT-2023-9991 · CVSS 5.3 · 2023-04-25
Arc · Arc · CVE-2012-5873
**Name of the Vulnerable Software and Affected Versions** ARC (aka ARC2) through 2011-12-01

**Description** Reflected cross-site scripting via the `query` parameter of `endpoint.php` when the HTML result format `output=htmltab` is requested. The submitted query is echoed into the HTML results page without escaping, so a crafted link of the form `/endpoint.php?output=htmltab&query=...` executes attacker-supplied script in the browser of whoever opens it, in the origin of the SPARQL endpoint.

**Recommendations** For ARC (aka ARC2) through 2011-12-01, until a patch is available: serve the `htmltab` output only to trusted users, or have the endpoint refuse `output=htmltab` and fall back to a non-HTML result format; HTML-escape every reflected parameter and every result value before it is written into the htmltab page; and set a restrictive `Content-Security-Policy` header on the endpoint so that a reflected payload has little to execute even if escaping is missed.
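The following is an added example covering both entries above; it is not ARC2's code and not from the advisory. It shows a front-end guard for requests to `endpoint.php` that strips `#` comments from the SPARQL text while leaving `#` inside string literals and IRI references alone (the CVE-2012-5872 vector), and, for CVE-2012-5873, the unescaped rendering pattern beside its HTML-escaped form. The `query` and `output` parameter names follow the advisory; the fallback format `xml`, the function names and all sample requests are assumptions constructed for the example.

```python
"""Added example (not ARC2 code): guard for the two ARC2 issues above."""
import html
from urllib.parse import parse_qs


def strip_sparql_comments(query: str) -> tuple[str, int]:
    """Drop '#' comments from SPARQL text without touching '#' inside string
    literals or IRI references such as <http://example.org/ns#Person>.
    Returns (query_without_comments, number_of_comments_removed)."""
    out, i, n, removed = [], 0, len(query), 0
    while i < n:
        c = query[i]
        if c == "<":
            j = query.find(">", i + 1)
            # An IRIREF contains no whitespace; otherwise '<' is the operator.
            if j != -1 and not any(ch.isspace() for ch in query[i + 1:j]):
                out.append(query[i:j + 1])
                i = j + 1
                continue
            out.append(c)
            i += 1
        elif c in "\"'":
            # Short ("...", '...') or long ("""...""", '''...''') literal.
            delim = query[i:i + 3] if query[i:i + 3] in ('"""', "'''") else c
            j = i + len(delim)
            while j < n and not query.startswith(delim, j):
                j += 2 if query[j] == "\\" else 1   # skip escaped characters
            j = min(n, j + len(delim))              # include closing delimiter
            out.append(query[i:j])
            i = j
        elif c == "#":
            removed += 1
            nl = query.find("\n", i)
            i = n if nl == -1 else nl               # keep the newline itself
        else:
            out.append(c)
            i += 1
    return "".join(out), removed


def render_htmltab_unsafe(query: str, rows: list[dict]) -> str:
    """The bug pattern behind CVE-2012-5873, as a constructed illustration:
    the submitted query and the result values go straight into the HTML."""
    cells = "".join(f"<tr><td>{v}</td></tr>" for r in rows for v in r.values())
    return f"<p>{query}</p><table>{cells}</table>"


def render_htmltab_safe(query: str, rows: list[dict]) -> str:
    """Hardened form: every untrusted string is HTML-escaped on insertion."""
    def esc(s) -> str:
        return html.escape(str(s), quote=True)
    cells = "".join(f"<tr><td>{esc(v)}</td></tr>" for r in rows for v in r.values())
    return f"<p>{esc(query)}</p><table>{cells}</table>"


def inspect_endpoint_request(query_string: str, fallback_output: str = "xml") -> dict:
    """Hypothetical guard for GET /endpoint.php?query=...&output=...:
    strips comments from the query and refuses to pass output=htmltab through.
    The 'xml' fallback is an assumption about the deployment, not an ARC2 fact."""
    params = parse_qs(query_string, keep_blank_values=True)
    query = params.get("query", [""])[0]
    output = params.get("output", [fallback_output])[0]
    cleaned, removed = strip_sparql_comments(query)
    findings = []
    if removed:
        findings.append(f"stripped {removed} SPARQL comment(s) (CVE-2012-5872 vector)")
    if output == "htmltab":
        findings.append(f"output=htmltab rewritten to {fallback_output} (CVE-2012-5873 vector)")
        output = fallback_output
    return {"query": cleaned, "output": output, "findings": findings}


if __name__ == "__main__":
    # Constructed request, not a captured one.
    sample = ("query=SELECT+*+WHERE+%7B+%3Fs+a+%3Chttp%3A%2F%2Fexample.org%2Fns%23Person%3E+%7D"
              "+%23+trailing&output=htmltab")
    print(inspect_endpoint_request(sample))
    print(render_htmltab_safe("SELECT ?s WHERE { ?s a <http://example.org/ns#Person> }",
                              [{"s": "<b>x</b>"}]))
```

Stripping comments rather than rejecting the request keeps well-formed queries working, since comments carry no meaning; the finding list is what you would feed to logging. Escaping the reflected query in `render_htmltab_safe` also turns a legitimate IRI such as `<http://example.org/ns#x>` into `&lt;http://example.org/ns#x&gt;`, which is the correct behaviour: it displays the same and can no longer open a tag.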
**Name of the Vulnerable Software and Affected Versions** ARC (aka ARC2) through 2011-12-01 **Description** The issue allows reflected XSS via the `end point.php` query parameter in an `output=htmltab` action. This can be exploited through the "/end point.php" API endpoint, specifically by manipulating the `output` parameter and the query parameters passed to it. **Recommendations** For ARC (aka ARC2) through 2011-12-01, consider restricting access to the `/end point.php` API endpoint, specifically when the `output` parameter is set to `htmltab`, until a patch is available. As a temporary workaround, avoid using the `end point.php` query parameter in actions where `output=htmltab` to minimize the risk of exploitation.