Simo64

**Name of the Vulnerable Software and Affected Versions** PhpQuiz versions 1.2 and earlier **Description** The issue allows remote attackers to upload arbitrary PHP code to the phpquiz/img quiz folder via the `upload`, `ok update`, `image`, and `path` parameters in the back/upload img.php and admin/upload img.php files. This might require directory traversal sequences in the `path` parameter. **Recommendations** For PhpQuiz versions 1.2 and earlier, restrict access to the back/upload img.php and admin/upload img.php files to minimize the risk of exploitation. Avoid using the `upload`, `ok update`, `image`, and `path` parameters in these files until the issue is resolved. As a temporary workaround, consider disabling the file upload functionality in these files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PhpQuiz versions 1.2 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved through the `univers` parameter in "score.php" and the `quiz id` parameter in "home.php", which is accessed through the "front/" URI. **Recommendations** For PhpQuiz versions 1.2 and earlier, as a temporary workaround, consider restricting access to the `score.php` and `home.php` files until a patch is available. Avoid using the `univers` and `quiz id` parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Walter Beschmout PhpQuiz versions 1.2 and earlier **Description** A direct static code injection issue allows remote attackers to inject arbitrary PHP code in config.inc.php via modified configuration settings. **Recommendations** For versions 1.2 and earlier, update to a version later than 1.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Site@School versions 2.4.03 and earlier **Description** A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the `cmsdir` parameter to "starnet/modules/include/include.php". **Recommendations** For versions 2.4.03 and earlier, consider restricting access to the `include.php` file in the `starnet/modules/include` directory until a fix is available. Avoid using the `cmsdir` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Site@School versions 2.4.02 and earlier **Description** The issue concerns an unrestricted file upload vulnerability. This vulnerability allows remote attackers to upload and execute arbitrary files with executable extensions. **Recommendations** For versions 2.4.02 and earlier, consider restricting access to the starnet/editors/htmlarea/popups/images.php file until a patch is available. As a temporary workaround, disable the execution of files with executable extensions in the affected directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Site@School versions 2.4.02 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the `cmsdir` parameter to specific API endpoints, such as "/starnet/modules/sn allbum/slideshow.php" and "/starnet/themes/editable/main.inc.php". **Recommendations** For Site@School versions 2.4.02 and earlier, consider restricting access to the `cmsdir` parameter in the affected API endpoints until a patch is available. As a temporary workaround, disable the execution of remote PHP code in the `slideshow.php` and `main.inc.php` files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Site@School versions 2.4.02 and earlier **Description** The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the `dir` parameter of the images.php file in the starnet/editors/htmlarea/popups directory. **Recommendations** For versions 2.4.02 and earlier, consider restricting access to the images.php file in the starnet/editors/htmlarea/popups directory to minimize the risk of exploitation. Avoid using the `dir` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPMyRing versions 4.2.0 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `idsite` parameter in the view com.php file. **Recommendations** For PHPMyRing versions 4.2.0 and earlier, consider restricting access to the view com.php file until a patch is available. As a temporary workaround, avoid using the `idsite` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Gonafish LinksCaffe version 3.0 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via several parameters in different files, including the `tablewidth` parameter in "counter.php", the `newdays` parameter in "links.php", and the `tableborder`, `menucolor`, `textcolor`, and `bodycolor` parameters in "menu.inc.php". **Recommendations** For Gonafish LinksCaffe version 3.0, consider disabling the vulnerable parameters `tablewidth`, `newdays`, `tableborder`, `menucolor`, `textcolor`, and `bodycolor` in the respective files until a patch is available. Restrict access to the affected files "counter.php", "links.php", and "menu.inc.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gonafish LinksCaffe version 3.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `offset` and `limit` parameters, `newdays` parameter in a new action, and the `link id` parameter in a deadlink action. This can also be used for path disclosure by forcing a SQL error or to modify PHP files using OUTFILE. **Recommendations** For Gonafish LinksCaffe version 3.0, consider restricting access to the links.php file and validating user input for the `offset`, `limit`, `newdays`, and `link id` parameters to prevent SQL injection attacks. As a temporary workaround, consider disabling the links.php file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Scout Portal Toolkit (SPT) versions 1.4.0 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `forumid` parameter. **Recommendations** For versions 1.4.0 and earlier, update to a version later than 1.4.0 to resolve the issue. As a temporary workaround, consider restricting access to the `forumid` parameter in the affected API endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Open Guestbook version 0.5 **Description** A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `title` parameter in the header.php file. **Recommendations** For Open Guestbook version 0.5, avoid using the `title` parameter in the affected header.php file until a fix is available. Consider validating and sanitizing user input to prevent malicious script injections.

**Name of the Vulnerable Software and Affected Versions** Open Guestbook version 0.5 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `offset` parameter in the "view.php" file. **Recommendations** For Open Guestbook version 0.5, consider restricting access to the `view.php` file or avoid using the `offset` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** singapore versions 0.10.0 and earlier **Description** The issue allows remote attackers to obtain the installation path via an invalid `template` parameter, which reveals the path in an error message. **Recommendations** For versions 0.10.0 and earlier, consider restricting access to the `index.php` file until a patch is available. As a temporary workaround, avoid using invalid `template` parameters in the affected endpoint.

**Name of the Vulnerable Software and Affected Versions** singapore versions 0.10.0 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `template` parameter in index.php, potentially leading to cross-site scripting (XSS) attacks. **Recommendations** For versions 0.10.0 and earlier, avoid using the `template` parameter in index.php until a fix is available. As a temporary workaround, consider restricting access to index.php to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** singapore versions 0.10.0 and earlier **Description** The issue allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the `gallery` and `template` parameters. **Recommendations** For versions 0.10.0 and earlier, update to a version later than 0.10.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mafia Moblog versions 0.6M1 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `img` parameter in the big.php file. **Recommendations** For Mafia Moblog versions 0.6M1 and earlier, update to a version later than 0.6M1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mafia Moblog versions 0.6M1 and earlier **Description** The issue allows remote attackers to obtain the installation path in an error message. This can be achieved by making a direct request to API endpoints such as "big.php" and "upgrade.php". **Recommendations** For Mafia Moblog versions 0.6M1 and earlier, consider restricting access to the "big.php" and "upgrade.php" API endpoints until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Scry Gallery version 1.1 **Description** The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the index.php file. This is caused by ".." sequences in the `p` parameter, which is not properly sanitized. The vulnerability arises from an rtrim function call with the arguments in the wrong order. **Recommendations** For Scry Gallery version 1.1, consider sanitizing the `p` parameter to prevent directory traversal attacks. As a temporary workaround, restrict access to the index.php file until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** Scry Gallery version 1.1 **Description** The issue allows remote attackers to obtain sensitive information via an invalid `p` parameter. This is achieved by revealing the path in an error message. **Recommendations** For Scry Gallery version 1.1, consider restricting access to the vulnerable parameter `p` to minimize the risk of exploitation. As a temporary workaround, avoid using the `p` parameter in error-prone situations until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.