Phenom

**Name of the Vulnerable Software and Affected Versions** Dynamicsoft WSC CMS version 2.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `Password` parameter in the "backoffice/login.asp" endpoint. **Recommendations** For Dynamicsoft WSC CMS version 2.2, consider restricting access to the "backoffice/login.asp" endpoint until a patch is available. As a temporary workaround, avoid using the `Password` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** StatCounteX version 3.1 **Description** The issue allows remote attackers to download a database due to insufficient access control of sensitive information stored under the web root. This can be achieved by making a direct request for the path/stats.mdb file. **Recommendations** For StatCounteX version 3.1, consider restricting access to the stats.mdb file to prevent unauthorized downloads until a proper fix is applied. As a temporary workaround, moving sensitive information outside of the web root or implementing proper access controls can help mitigate the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** JAG (Just Another Guestbook) version 1.14 **Description** The issue allows remote attackers to obtain sensitive information due to insufficient access control. Sensitive information is stored under the web root, making it accessible via a direct request for jag/database.sql. **Recommendations** For JAG (Just Another Guestbook) version 1.14, consider restricting access to the jag/database.sql file to prevent unauthorized access until a proper fix is available. As a temporary workaround, moving sensitive information outside of the web root or implementing proper access controls can help mitigate the risk.