Nenad Jovanovic

**Name of the Vulnerable Software and Affected Versions** Open Searchable Image Catalogue (OSIC) versions prior to 0.7.0.1 **Description** The issue allows remote attackers to inject arbitrary SQL commands via multiple vectors. This is demonstrated by the `type` parameter in "adminfunctions.php" and the `catalogue id` parameter in "editcatalogue.php". **Recommendations** For versions prior to 0.7.0.1, update to version 0.7.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `do mysql query` function in "core.php" until a patch is available. Avoid using the `type` parameter in "adminfunctions.php" and the `catalogue id` parameter in "editcatalogue.php" until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Open Searchable Image Catalogue (OSIC) versions 0.7.0.1 and earlier **Description** The issue allows remote attackers to inject arbitrary SQL commands. This is achieved via the `txtCustomField` and `CustomFieldID` array parameters in the "search.php" file. **Recommendations** For OSIC versions 0.7.0.1 and earlier, update to a version later than 0.7.0.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Open Searchable Image Catalogue (OSIC) versions prior to 0.7.0.1 **Description** A cross-site scripting (XSS) issue exists in the do mysql query function in core.php, allowing remote attackers to inject arbitrary web scripts or HTML via failed SQL queries. This is reflected in an error message. **Recommendations** For versions prior to 0.7.0.1, update to version 0.7.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the do mysql query function in core.php to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Open Searchable Image Catalogue (OSIC) versions 0.7.0.1 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web scripts or HTML via the `item list` parameter in the "search.php" endpoint. This could potentially lead to unauthorized actions on the affected system. **Recommendations** For OSIC versions 0.7.0.1 and earlier, as a temporary workaround, consider restricting access to the "search.php" endpoint or sanitizing the `item list` parameter to prevent malicious input until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yet Another PHP Image Gallery (YaPIG) versions 0.95b and earlier **Description** The issue allows remote attackers to perform unauthorized actions as a logged-in user. This can be achieved by tricking the administrator into accessing a web page that performs a mod info action in the `modify gallery.php` endpoint. **Recommendations** For versions 0.95b and earlier, as a temporary workaround, consider restricting access to the `modify gallery.php` endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Simple PHP Blog versions 0.4.5 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML via specific parameters in certain PHP files. This is achieved through the `entry`, `blog subject`, and `blog text` parameters, which involve the `temp subject` variable in `preview cgi.php` and `preview static cgi.php` files. Additionally, the `scheme name` and `bg color` parameters, involving the `preset name` and `result` variables in `colors.php`, are also vulnerable. **Recommendations** For Simple PHP Blog versions 0.4.5 and earlier, consider disabling the `preview cgi.php` and `preview static cgi.php` files, as well as restricting access to the `colors.php` file until a patch is available. Avoid using the `entry`, `blog subject`, `blog text`, `scheme name`, and `bg color` parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Serendipity versions 0.8.4 and earlier **Description** A cross-site request forgery issue allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to "serendipity admin.php". **Recommendations** For versions 0.8.4 and earlier, update to a version later than 0.8.4 to resolve the issue.