Silic0N

**Name of the Vulnerable Software and Affected Versions** digiSHOP version 2.0.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "cart.php" file. **Recommendations** For digiSHOP version 2.0.2, consider restricting access to the `id` parameter in the cart.php file until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tycoon Baseball Script version 1.0.9 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `game id` parameter in a "game player" action. **Recommendations** For Tycoon Baseball Script version 1.0.9, avoid using the `game id` parameter in the affected API endpoint until the issue is resolved. Consider restricting access to the index.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.