Pokleyzz

**Name of the Vulnerable Software and Affected Versions** Mambo versions 4.5.2.2 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `user rating` parameter in the content.php file. **Recommendations** For Mambo versions 4.5.2.2 and earlier, consider restricting access to the content.php file until a fix is available. As a temporary workaround, avoid using the `user rating` parameter in the affected content.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHP-Nuke versions 6.9 and earlier PHP-Nuke version 7.x **Description** The issue allows remote attackers to inject arbitrary SQL code and gain sensitive information. This can be achieved via the `category` variable in the "Search" module or the `admin` variable in the "Web Links" module. **Recommendations** For PHP-Nuke versions 6.9 and earlier, update to a version later than 6.9 to resolve the issue. For PHP-Nuke version 7.x, consider disabling the Search and Web Links modules until a patch is available. As a temporary workaround, restrict access to the vulnerable modules to minimize the risk of exploitation.