Oon_Boy

**Name of the Vulnerable Software and Affected Versions** Datavore Gyro version 5.0 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `cid` parameter in a 'cat' action to the 'home' component. **Recommendations** For version 5.0, avoid using the `cid` parameter in the 'cat' action to the 'home' component until a fix is available. Consider restricting access to this component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Datavore Gyro version 5.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cid` parameter in a 'cat' action to the 'home' component. **Recommendations** For Datavore Gyro version 5.0, avoid using the `cid` parameter in the affected component until a fix is available. Consider restricting access to the 'home' component to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: OpenCart version 1.1.8 Description: The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the `route` parameter of the index.php file. This is a directory traversal vulnerability. Recommendations: For OpenCart version 1.1.8, consider restricting access to the index.php file or limiting the `route` parameter to prevent directory traversal attacks until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Seditio CMS version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `c` parameter to "plug.php". **Recommendations** For Seditio CMS version 1.0, consider restricting access to the vulnerable "events/inc/events.inc.php" file in the Events plugin until a patch is available. Avoid using the `c` parameter in the "plug.php" endpoint to minimize the risk of exploitation.