Shamus

**Name of the Vulnerable Software and Affected Versions** Fusebox version 5.5.1 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. The issue is related to the `CatDisplay` parameter in the ProductList.cfm file. **Recommendations** For Fusebox version 5.5.1, consider restricting access to the ProductList.cfm file or validating and sanitizing the `CatDisplay` parameter to prevent SQL injection attacks. As a temporary workaround, avoid using the `CatDisplay` parameter in the ProductList.cfm file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** CAG CMS version 0.2 Beta **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `itemid` parameter in the "click.php" file. **Recommendations** For CAG CMS version 0.2 Beta, avoid using the `itemid` parameter in the click.php file until a fix is available. Consider restricting access to the click.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Chipmunk Board version 1.3 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. The issue is related to the `forumID` parameter in the "index.php" file. **Recommendations** For Chipmunk Board version 1.3, avoid using the `forumID` parameter in the affected index.php file until the issue is resolved. Consider restricting access to the index.php file to minimize the risk of exploitation.