Red-D3V1L

**Name of the Vulnerable Software and Affected Versions** Typing Pal versions 1.0 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `idTableProduit` parameter in the demo.php file. **Recommendations** For Typing Pal versions 1.0 and earlier, update to a version later than 1.0 to resolve the issue. As a temporary workaround, consider restricting access to the demo.php file or avoiding the use of the `idTableProduit` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** AlefMentor versions 2.0 through 2.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cont id` and `courc id` parameters in a "pregled" action. **Recommendations** For AlefMentor versions 2.0 through 2.2, consider restricting access to the vulnerable parameters `cont id` and `courc id` in the affected action until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Turnkey Arcade Script (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in a 'browse' action. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.