Sadhacker

**Name of the Vulnerable Software and Affected Versions** SermonSpeaker (com sermonspeaker) versions prior to 3.2.1 for Joomla! **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in a "latest sermons" action to "index.php". **Recommendations** For versions prior to 3.2.1, update to version 3.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "index.php" endpoint with the "latest sermons" action to minimize the risk of exploitation. Avoid using the `id` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** elkagroup Image Gallery (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter to the default URI under "news/". This enables attackers to manipulate the database by injecting malicious SQL code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.