Ozx

**Name of the Vulnerable Software and Affected Versions** Open-school (OS) version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in a "show action" to the "index.php" endpoint. **Recommendations** For Open-school (OS) version 1.0, consider restricting access to the `id` parameter in the "index.php" endpoint until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Escon SupportPortal Pro version 3.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in the index.php file, specifically via the `cat` and `tid` parameters in the API endpoint "index.php". **Recommendations** For Escon SupportPortal Pro version 3.0, consider restricting access to the `cat` and `tid` parameters in the index.php file until a patch is available. As a temporary workaround, avoid using the `cat` and `tid` parameters in the affected API endpoint.

Name of the Vulnerable Software and Affected Versions: Virtue Shopping Mall (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary SQL commands via the `cid` parameter in the products.php file. This can be exploited by sending malicious input to the vulnerable endpoint, potentially leading to unauthorized data access or modification. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Virtue Book Store (affected versions not specified) Description: A SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands. This is achieved via the `cid` parameter in the products.php file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Virtue Classifieds (affected versions not specified) **Description** A SQL injection issue exists in the search.php file of Virtue Classifieds, allowing remote attackers to execute arbitrary SQL commands by manipulating the `category` parameter in the "/search.php" endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.