Silentz

**Name of the Vulnerable Software and Affected Versions** Pixelpost version 1.7 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `parent id` parameter in the "index.php" file. **Recommendations** For Pixelpost version 1.7, avoid using the `parent id` parameter in the affected index.php file until the issue is resolved. Consider restricting access to the index.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zenphoto versions 1.1 through 1.1.3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `albumnr` parameter in the "rss.php" file. **Recommendations** For Zenphoto versions 1.1 through 1.1.3, consider restricting access to the "rss.php" file until a patch is available. Avoid using the `albumnr` parameter in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Joomla! versions 1.5 Beta1 through 1.5 RC1 Description: The issue allows remote authenticated administrators to upload arbitrary files to the tmp/ directory via the "Upload Package File" functionality in the installer component. This is accessible when com installer is the value of the `option` parameter in the `administrator/index.php` file. Recommendations: For Joomla! versions 1.5 Beta1 through 1.5 RC1, consider disabling the "Upload Package File" functionality in the com installer component until a fix is available. Restrict access to the tmp/ directory to minimize the risk of exploitation. Avoid using the `option` parameter with the value of com installer in the administrator/index.php file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Jasmine CMS version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `login username` parameter to "login.php" or the `item` parameter to "news.php". **Recommendations** For Jasmine CMS version 1.0, consider restricting access to "login.php" and "news.php" until a patch is available. As a temporary workaround, avoid using the `login username` and `item` parameters in the affected API endpoints.

**Name of the Vulnerable Software and Affected Versions** Jasmine CMS version 1.0 **Description** A directory traversal issue exists, allowing remote authenticated administrators to include and execute arbitrary local files by manipulating the `u` parameter in admin/plugin manager.php. It is noted that this issue could potentially be exploitable by remote unauthenticated attackers if combined with a separate vulnerability. **Recommendations** For Jasmine CMS version 1.0, consider restricting access to the admin/plugin manager.php file until a fix is available, and avoid using the `u` parameter in this context to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: e-Vision CMS versions 2.02 and earlier Description: The issue allows remote attackers to perform directory traversal attacks. This can be achieved in two ways: (1) by including and executing arbitrary local files via a .. (dot dot) in the `adminlang` cookie to "admin/functions.php", or (2) by reading arbitrary local files via the `img` parameter to "admin/show img.php". Recommendations: For versions 2.02 and earlier, consider disabling access to "admin/functions.php" and "admin/show img.php" until a fix is available. Restrict the use of the `adminlang` cookie and the `img` parameter in the affected API endpoints to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Fuzzylime Forum version 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `topic` parameter in the low.php file. Recommendations: For Fuzzylime Forum version 1.0, consider restricting access to the low.php file or avoiding the use of the `topic` parameter until a fix is available. As a temporary workaround, restrict the execution of SQL commands from this file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Fuzzylime Forum version 1.0 Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `topic` parameter in low.php. It is noted that this might be a result of SQL injection. Recommendations: For Fuzzylime Forum version 1.0, avoid using the `topic` parameter in the affected low.php file until a fix is available. As a temporary workaround, consider restricting access to low.php to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: e-Vision CMS versions 2.02 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is possible when the `magic quotes gpc` setting is disabled. The `template` parameter is vulnerable to SQL injection. Recommendations: For e-Vision CMS versions 2.02 and earlier, consider disabling the `style.php` file or restricting access to it until a fix is available. As a temporary workaround, enable the `magic quotes gpc` setting to prevent SQL injection attacks via the `template` parameter.

Name of the Vulnerable Software and Affected Versions: Particle Gallery versions 1.0.1 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `editcomment` parameter in the "viewimage.php" file. Recommendations: For versions 1.0.1 and earlier, consider restricting access to the `viewimage.php` file or the `editcomment` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: EQdkp versions 1.3.2 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `rank` parameter in the listmembers.php file. Recommendations: For EQdkp versions 1.3.2 and earlier, consider restricting access to the listmembers.php file until a patch is available. As a temporary workaround, avoid using the `rank` parameter in the affected file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Sendcard versions 3.4.1 and earlier Description: A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `sc language` parameter of the sendcard.php file. Recommendations: For Sendcard versions 3.4.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PBLang (PBL) versions 4.67.16.a and earlier Description: The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `lang` parameter in the "login.php" file when `magic quotes gpc` is disabled. Recommendations: For PBLang (PBL) versions 4.67.16.a and earlier, consider disabling the `lang` parameter in the "login.php" file until a patch is available. Restrict access to the "login.php" file to minimize the risk of exploitation. Avoid using the `lang` parameter in the affected endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Pheap version 2.0 Description: The issue allows remote attackers to bypass authentication by setting a `pheap login` cookie value to the administrator's username. This can be used to obtain sensitive information, including the administrator password, via "settings.php" or to upload and execute arbitrary PHP code via an "update doc" action in "edit.php". Recommendations: For Pheap version 2.0, as a temporary workaround, consider restricting access to "settings.php" and "edit.php" to minimize the risk of exploitation. Avoid using the `pheap login` cookie until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** gCards versions 1.46 and earlier **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `newsid` parameter in the "getnewsitem.php" file. **Recommendations** For gCards versions 1.46 and earlier, avoid using the `newsid` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** My Little Forum versions 1.7 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter in the user.php file. **Recommendations** For My Little Forum versions 1.7 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dokeos versions 1.6.5 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `scormcontopen` parameter in the "tracking/courseLog.php" endpoint. **Recommendations** For Dokeos versions 1.6.5 and earlier, avoid using the `scormcontopen` parameter in the tracking/courseLog.php endpoint until the issue is resolved. Consider restricting access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dokeos versions 1.8.0 and earlier **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `course` parameter in the main/auth/my progress.php file. **Recommendations** For Dokeos versions 1.8.0 and earlier, update to a version later than 1.8.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Dokeos versions 1.8.0 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via the `img` parameter to "main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php" and other unspecified vectors. **Recommendations** For Dokeos versions 1.8.0 and earlier, as a temporary workaround, consider restricting access to the "main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php" file until a patch is available. Avoid using the `img` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TutorialCMS versions 1.01 and earlier **Description** The issue allows remote attackers to bypass authentication when register globals is enabled. This is achieved by manipulating the `loggedIn` and `activated` parameters in several API endpoints, including "login.php", "headerLinks.php", "submit1.php", "myFav.php", and "userCP.php". **Recommendations** For TutorialCMS versions 1.01 and earlier, consider disabling the register globals setting to prevent exploitation. Additionally, as a temporary workaround, restrict access to the affected API endpoints until a patch is available. Avoid using the `loggedIn` and `activated` parameters in the affected endpoints until the issue is resolved.