Nuclear

**Name of the Vulnerable Software and Affected Versions** IdeaCart versions 0.02 through 0.02a **Description** The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the `page` parameter of the index.php file. **Recommendations** For IdeaCart versions 0.02 through 0.02a, consider restricting access to the index.php file until a patch is available. As a temporary workaround, avoid using the `page` parameter in the index.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IdeaCart version 0.02 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cID` parameter in the "secure/index.php" endpoint. **Recommendations** For IdeaCart version 0.02, consider restricting access to the `cID` parameter in the "secure/index.php" endpoint until a patch is available. As a temporary workaround, avoid using the `cID` parameter to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: phpAddEdit version 1.3 Description: The issue allows remote attackers to include and execute arbitrary local files via a URL in the `editform` parameter when `magic quotes gpc` is disabled. This could also lead to PHP remote file inclusion attacks. Recommendations: For phpAddEdit version 1.3, consider disabling the `addedit-render.php` script or restricting access to it until a patch is available. As a temporary workaround, enable `magic quotes gpc` to prevent exploitation. Avoid using the `editform` parameter in the affected script until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OwnRS CMS version 1.2 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the autor.php file. **Recommendations** For OwnRS CMS version 1.2, avoid using the `id` parameter in the autor.php file until a fix is available. Consider restricting access to the autor.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** BibCiter version 1.4 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `idp` parameter to "reports/projects.php", the `idc` parameter to "reports/contacts.php", and the `idu` parameter to "reports/users.php". **Recommendations** For BibCiter version 1.4, avoid using the parameters `idp`, `idc`, and `idu` in the affected API endpoints until the issue is resolved. Restrict access to the "reports/projects.php", "reports/contacts.php", and "reports/users.php" modules to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Free Bible Search PHP Script version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `version` parameter in the readbible.php file. **Recommendations** For Free Bible Search PHP Script version 1.0, consider restricting access to the readbible.php file or the `version` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Wazzum Dating Software version 2.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `userid` parameter in the profile view.php file. **Recommendations** For Wazzum Dating Software version 2.0, consider restricting access to the `userid` parameter in the profile view.php file until a patch is available. Avoid using the `userid` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Free Links Directory Script (FLDS) version 1.2a **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the redir.php file. **Recommendations** For Free Links Directory Script (FLDS) version 1.2a, avoid using the `id` parameter in the redir.php file until the issue is resolved. Consider restricting access to the redir.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Free Links Directory Script (FLDS) version 1.2a **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the lpro.php file. **Recommendations** For Free Links Directory Script (FLDS) version 1.2a, avoid using the `id` parameter in the lpro.php file until a fix is available. Consider restricting access to the lpro.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenImpro version 1.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "image.php" endpoint. **Recommendations** For OpenImpro version 1.1, consider restricting access to the `image.php` endpoint until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Camera Life version 2.6.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in a "photos" action. The vulnerable endpoint is related to the sitemap.xml.php file. **Recommendations** For Camera Life version 2.6.2, consider restricting access to the `id` parameter in the sitemap.xml.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the `id` parameter in the affected endpoint until the issue is resolved.