Rst

Researcher from GHC
#18143 of 53,622
15 Total CVSS
Vulnerabilities · 2
High
2
PT-2005-3912
7.5
2005-09-27
Seo Board · Seo-Board · CVE-2005-3082
**Name of the Vulnerable Software and Affected Versions**

SEO-Board version 1.0.2

**Description**

A SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `user pass sha1` value in a cookie.

**Recommendations**

For SEO-Board version 1.0.2, update the admin.php file to properly sanitize and validate user input to prevent SQL injection attacks. As a temporary workaround, consider restricting access to the admin.php file until a patch is available.

PT-2005-3297
7.5
2005-07-26
Php · Phpnews · CVE-2005-2383
**Name of the Vulnerable Software and Affected Versions**

PHPNews version 1.2.5

**Description**

The issue allows remote attackers to execute arbitrary SQL commands via the `user` parameter in an HTTP POST request. This is a SQL injection vulnerability in the auth.php file.

**Recommendations**

For PHPNews version 1.2.5, consider restricting access to the auth.php file or validating and sanitizing the `user` parameter to prevent SQL injection attacks. As a temporary workaround, avoid using the `user` parameter in the affected HTTP POST request until a patch is available.