Qabandi

**Name of the Vulnerable Software and Affected Versions** Scripteen Free Image Hosting Script version 2.3 **Description** The issue allows remote attackers to bypass authentication and gain administrative access by setting the `cookgid` cookie value to 1. This is a different attack vector. **Recommendations** For Scripteen Free Image Hosting Script version 2.3, as a temporary workaround, consider validating and sanitizing the `cookgid` cookie value to prevent unauthorized access until a patch is available. Restrict access to administrative functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Allomani Audio & Video Library (Songs & Clips version) version 2.7.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `username` parameter in a login action, specifically targeting the login.php file. **Recommendations** For version 2.7.0, update to a version that fixes the SQL injection vulnerability in the login.php file, ensuring that the `username` parameter is properly sanitized to prevent arbitrary SQL command execution.

**Name of the Vulnerable Software and Affected Versions** Allomani Movies Library (Movies & Clips) version 2.7.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `username` parameter in a login action, specifically targeting the login.php file. **Recommendations** For version 2.7.0, consider restricting access to the login.php file or disabling the login functionality until a fix is available. As a temporary workaround, avoid using the `username` parameter in the login action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Arab Portal versions 2.2 and earlier **Description** The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `module` parameter in the modules/aljazeera/admin/setup.php file, when register globals is enabled and magic quotes gpc is disabled. **Recommendations** For Arab Portal versions 2.2 and earlier, consider disabling the register globals setting and enabling magic quotes gpc to mitigate the risk of exploitation. Additionally, restrict access to the setup.php file in the modules/aljazeera/admin directory to minimize the risk of arbitrary file inclusion.

**Name of the Vulnerable Software and Affected Versions** Mole Group Adult Portal Script (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `user id` parameter in the "profile.php" file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Million Dollar Text Links versions 1.0 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the admin.link.modify.php file. **Recommendations** For Million Dollar Text Links versions 1.0 and earlier, avoid using the `id` parameter in the admin.link.modify.php file until a fix is available. As a temporary workaround, consider restricting access to the admin.link.modify.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** VivaPrograms Infinity versions 2.0.5 and earlier **Description** The issue allows remote attackers to create administrative accounts without requiring administrative authentication. This is achieved through the `name`, `password`, and `conf password` parameters in the cp/profile.php endpoint. **Recommendations** For versions 2.0.5 and earlier, consider disabling the `donewauthor` action in the cp/profile.php endpoint until a patch is available. Restrict access to the cp/profile.php endpoint to minimize the risk of exploitation. Avoid using the `name`, `password`, and `conf password` parameters in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Mobilelib GOLD version 3.0 **Description** The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the myhtml.php file. This occurs when magic quotes gpc is enabled and a .. (dot dot) is used in the `GLOBALS[page]` parameter. **Recommendations** For Mobilelib GOLD version 3.0, consider disabling the use of the `GLOBALS[page]` parameter or restricting access to the myhtml.php file until a patch is available. As a temporary workaround, disabling magic quotes gpc may also help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Allomani Mobile version 2.5 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `username` parameter in a login action, specifically targeting the login.php file. **Recommendations** For version 2.5, update the login.php file to properly sanitize the `username` parameter to prevent SQL injection attacks. As a temporary workaround, consider restricting access to the login action until a patch is available.

Name of the Vulnerable Software and Affected Versions: Pixaria Gallery versions 2.0.0 through 2.3.5 Description: The issue allows remote attackers to read arbitrary files via a base64-encoded `file` parameter in the `pixaria.image.php` file. Recommendations: For Pixaria Gallery versions 2.0.0 through 2.3.5, consider restricting access to the `pixaria.image.php` file until a patch is available. Avoid using the `file` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Traidnt Up version 2.0 **Description** The issue concerns SQL injection vulnerabilities in the adminquery.php file. Remote attackers can execute arbitrary SQL commands by manipulating the `trupuser` and `truppassword` cookies to access the uploadcp/index.php endpoint. **Recommendations** For Traidnt Up version 2.0, consider restricting access to the adminquery.php file and the uploadcp/index.php endpoint until a fix is available. As a temporary workaround, avoid using the `trupuser` and `truppassword` cookies in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mlffat version 2.2 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via a `member` cookie in an `account` `editprofile` action. **Recommendations** For Mlffat version 2.2, consider restricting access to the `editprofile` action until a patch is available. As a temporary workaround, avoid using the `member` cookie in the affected `index.php` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pc4 Uploader versions 10.0 and earlier **Description** The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities in the upfiles/index.php file. This can be achieved by using either a .. (dot dot) or an absolute path in the `file` parameter. **Recommendations** For Pc4 Uploader versions 10.0 and earlier, consider restricting access to the upfiles/index.php file until a fix is available. As a temporary workaround, avoid using absolute paths or .. (dot dot) in the `file` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** EgyPlus 7ammel (aka 7ml) versions 1.0.1 and earlier **Description** The issue allows remote attackers to bypass authentication by providing arbitrary `username` and `password` parameters. This occurs because cpanel/login.php sends a redirect to the web browser but does not exit when the supplied credentials are incorrect. **Recommendations** For EgyPlus 7ammel (aka 7ml) versions 1.0.1 and earlier, consider disabling the login functionality in cpanel/login.php until a patch is available. Restrict access to the cpanel/login.php endpoint to minimize the risk of exploitation. Avoid using arbitrary `username` and `password` parameters in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EgyPlus 7ammel (aka 7ml) versions 1.0.1 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `username` or `password` parameter in the cpanel/login.php file when magic quotes gpc is disabled. **Recommendations** For EgyPlus 7ammel (aka 7ml) versions 1.0.1 and earlier, consider disabling the login functionality in cpanel/login.php until a patch is available, and ensure magic quotes gpc is enabled to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** 4images versions 1.7.7 and earlier **Description** A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted `user homepage` parameter to "member.php", and then posting a comment associated with a picture. **Recommendations** For versions 1.7.7 and earlier, as a temporary workaround, consider restricting access to the `member.php` page or avoiding the use of the `user homepage` parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Pc4 Uploader versions 9.0 and earlier Description: The issue allows remote attackers to conduct SQL injection attacks via crafted keyword sequences. This is achieved by exploiting the filter in the `id` parameter in a banner action. For example, the string "UNIunionON" is collapsed into "UNION" by the `filter sql` function, facilitating the attack. Recommendations: For Pc4 Uploader versions 9.0 and earlier, consider disabling the `filter sql` function or restricting access to the banner action until a patch is available. Avoid using the `id` parameter in the affected banner action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** phpFastNews version 1.0.0 **Description** The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting the `fn-loggedin` cookie to 1, exploiting the `isLoggedIn` function in fastnews-code.php. **Recommendations** For phpFastNews version 1.0.0, as a temporary workaround, consider modifying the `isLoggedIn` function to properly validate the `fn-loggedin` cookie. Restrict access to administrative features until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.