@1 · @1 File Store · CVE-2006-1278
**Name of the Vulnerable Software and Affected Versions**
@1 File Store version 2006.03.07
@1 File Store PRO version 3.2
**Description**
A SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands via the `id` parameter to various PHP files, including "functions.php" and "user.php" in the libs directory, and other files in different directories. The `email` parameter in "password.php" and the `id` parameter in "folder.php" are also vulnerable.
**Recommendations**
For @1 File Store version 2006.03.07, avoid using the `id` parameter in the affected API endpoints until the issue is resolved.
For @1 File Store version 2006.03.07, restrict access to the vulnerable "password.php" and "folder.php" files to minimize the risk of exploitation.
For @1 File Store PRO version 3.2, consider disabling the affected "confirm.php" and "download.php" functions until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
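
While no fixed version is available, the flagged parameters can be validated before the affected scripts run. The following is an added example, not code from the vendor or from the advisory: a request guard for the scripts and parameters named in the description. It assumes PHP 7 or later, that `id` is a numeric key and that `email` is a plain address; the names `GUARDED_PARAMS`, `guard_param_is_valid` and `guard_check` are hypothetical. "confirm.php" and "download.php" are left out because the advisory does not name their vulnerable parameter.

```php
<?php
// Added example, not vendor code: load through php.ini `auto_prepend_file`.
// Assumptions: PHP 7+, `id` is a numeric key, `email` is a plain address.

// Scripts for which the advisory names a parameter (matched by basename).
const GUARDED_PARAMS = [
    'functions.php' => ['id'],
    'user.php'      => ['id'],
    'folder.php'    => ['id'],
    'password.php'  => ['email'],
];

// True when a flagged parameter value has the expected shape.
function guard_param_is_valid(string $name, $value): bool
{
    if (!is_string($value)) {   // rejects array input such as id[]=1
        return false;
    }
    if ($name === 'id') {
        return preg_match('/\A[0-9]{1,10}\z/', $value) === 1;
    }
    // Stricter than RFC address syntax, which permits quotes in the local part.
    return preg_match('/\A[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,190}\z/', $value) === 1;
}

// Names of flagged parameters in $input that fail validation for $script.
function guard_check(string $script, array $input): array
{
    $bad = [];
    foreach (GUARDED_PARAMS[basename($script)] ?? [] as $name) {
        if (array_key_exists($name, $input)
            && !guard_param_is_valid($name, $input[$name])) {
            $bad[] = $name;
        }
    }
    return $bad;
}

if (PHP_SAPI !== 'cli') {
    // Check each input source separately so one cannot mask another.
    foreach ([$_GET, $_POST, $_COOKIE] as $input) {
        $bad = guard_check($_SERVER['SCRIPT_FILENAME'] ?? '', $input);
        if ($bad !== []) {
            error_log('CVE-2006-1278 guard rejected: ' . implode(',', $bad));
            http_response_code(400);
            exit('Bad request');
        }
    }
}
```

The guard keys on the requested entry script, so a flagged file that is only reached through `include` from another script is not covered until that entry script is added to the map.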