S@Bun

**Name of the Vulnerable Software and Affected Versions** PHP-Nuke My eGallery module (affected versions not specified) **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `gid` parameter in a "showgall" action to "modules.php". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dream4 Koobi versions 4.4 and 5.4 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `img id` parameter in the "gallerypic" page of the index.php file. **Recommendations** For dream4 Koobi version 4.4, update to a version that fixes this issue. For dream4 Koobi version 5.4, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the `img id` parameter in the "gallerypic" page until a patch is available.

**Name of the Vulnerable Software and Affected Versions** KwsPHP version 1.3.456 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id gal` parameter in a "gal" action, specifically targeting the index.php file in the galerie module. **Recommendations** For KwsPHP version 1.3.456, consider restricting access to the galerie module until a patch is available. As a temporary workaround, avoid using the `id gal` parameter in the affected API endpoint.

**Name of the Vulnerable Software and Affected Versions** RS MAXSOFT fotogalerie module (affected versions not specified) **Description** A SQL injection issue in the fotogalerie module allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `fotoID` parameter in the popup img.php file. The accuracy of this information might be questionable due to the source being an unreliable researcher. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** osCommerce Poll Booth Add-On version 2.0 **Description** The issue concerns a SQL injection vulnerability. It allows remote attackers to execute arbitrary SQL commands via the `pollID` parameter in a results operation. **Recommendations** For osCommerce Poll Booth Add-On version 2.0, consider restricting access to the `pollID` parameter in the results operation to minimize the risk of exploitation. Avoid using the `pollID` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dream4 Koobi Pro version 6.25 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `poll id` parameter in a "poll" action. The affected endpoint is not explicitly specified but is related to the index.php file. **Recommendations** For dream4 Koobi Pro version 6.25, consider restricting access to the poll action in index.php to minimize the risk of exploitation. Avoid using the `poll id` parameter in affected actions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Site Sift Listings (affected versions not specified) **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter in a detail action to "index.php". This issue might be site-specific. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Smoothflash (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cid` parameter in the admin view image.php file. **Recommendations** For Smoothflash, consider restricting access to the admin view image.php file until a patch is available. As a temporary workaround, avoid using the `cid` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RunCMS Photo 3.02 module **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cid` parameter in the viewcat.php file. **Recommendations** For RunCMS Photo 3.02 module, avoid using the `cid` parameter in the viewcat.php file until the issue is resolved. Consider restricting access to the viewcat.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** com restaurante version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter in a detail action to "index.php". This is a SQL injection vulnerability in the Detodas Restaurante component for Mambo and Joomla!. **Recommendations** For com restaurante version 1.0, avoid using the `id` parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the detail action in index.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Alberghi (com alberghi) versions 2.1.3 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter in a detail action to "index.php". This can lead to unauthorized access and manipulation of database content. **Recommendations** For versions 2.1.3 and earlier, avoid using the `id` parameter in the detail action to "index.php" until a fix is available. As a temporary workaround, consider restricting access to the "index.php" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joovideo (com joovideo) versions 1.0 through 1.2.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in a detail action to the "index.php" endpoint. **Recommendations** For versions 1.0 through 1.2.2, consider restricting access to the `id` parameter in the detail action to "index.php" until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Viso (Industry Book) module for eXV2 versions 2.03 through 2.04 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `kid` parameter in the index.php file. **Recommendations** For versions 2.03 through 2.04, consider restricting access to the index.php file until a patch is available. As a temporary workaround, avoid using the `kid` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** eXV2 WebChat module version 1.60 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `roomid` parameter in the index.php file of the WebChat module. **Recommendations** For version 1.60 of the WebChat module, avoid using the `roomid` parameter in the index.php file until the issue is resolved. As a temporary workaround, consider restricting access to the index.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MyAnnonces version 1.8 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `lid` parameter in an "ImprAnn" action in the annonces-p-f.php file of the MyAnnonces module for eXV2. **Recommendations** For MyAnnonces version 1.8, consider restricting access to the annonces-p-f.php file to minimize the risk of exploitation. Avoid using the `lid` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** XOOPS Tutorials module version 2.1b **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `tid` parameter in the `printpage.php` file, which can be accessed directly or through a printpage action to `index.php`. **Recommendations** For XOOPS Tutorials module version 2.1b, avoid using the `tid` parameter in the `printpage.php` file until the issue is resolved. As a temporary workaround, consider restricting access to the `printpage.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Garys Cookbook (com garyscookbook) versions 1.1.1 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in a detail action to the "index.php" endpoint. **Recommendations** For versions 1.1.1 and earlier, update to a version later than 1.1.1 to resolve the issue. As a temporary workaround, consider restricting access to the "index.php" endpoint or avoiding the use of the `id` parameter in detail actions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Prayer List (prayerlist) version 1.04 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `cid` parameter in a 'view' action within the index.php file of the Prayer List module for XOOPS. **Recommendations** For version 1.04, avoid using the `cid` parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the index.php file in the Prayer List module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** hwdVideoShare (com hwdvideoshare) version 1.1.3 Alpha **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `cat id` parameter in a "viewcategory" action to "index.php". **Recommendations** For version 1.1.3 Alpha, avoid using the `cat id` parameter in the "viewcategory" action to "index.php" until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PHP-Nuke Web Links module (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `cid` parameter in a 'viewlink' action within the modules.php file of the Web Links module. **Recommendations** For the Web Links module, consider restricting access to the `cid` parameter in the 'viewlink' action until a patch is available. As a temporary workaround, avoid using the `cid` parameter in the affected module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.