Qw3Rtyty

**Name of the Vulnerable Software and Affected Versions** Joomla com jsjobs version 1.2.6 **Description** An arbitrary file deletion issue allows authenticated attackers to delete files accessible to the web server. This is achieved by sending POST requests to the 'job.savejob' task and manipulating the `field 2` parameter using path traversal sequences, which involve using special characters to navigate outside the intended directory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Joomla com hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hdwplayersearch parameter. Attackers can submit POST requests with crafted SQL payloads in the hdwplayersearch parameter to extract sensitive database information from the hdwplayer videos table.

Joomla com fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET requests to the onAjax files method with path traversal sequences to enumerate files in system directories outside the intended web root.

**Name of the Vulnerable Software and Affected Versions** WordPress plugin spam-byebye versions 2.2.1 and earlier **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For WordPress plugin spam-byebye versions 2.2.1 and earlier, update to a version later than 2.2.1 to resolve the issue.