Smallmouse

**Name of the Vulnerable Software and Affected Versions** Land Down Under (LDU) 800 **Description** Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `c` or `m` parameters to "index.php" or the `w` parameter to "journal.php". The vendor has disputed this issue, stating that the variables are properly sanitized and no LDU version is affected. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Land Down Under (LDU) 800 **Description** Multiple SQL injection issues allow remote attackers to execute arbitrary SQL commands via various parameters to different PHP files, including `s` or `m` parameter to "forums.php", `o`, `w`, `s`, or `p` parameter to "list.php", `m` parameter to "journal.php", `x` or `n` parameter to "forums.php", or `w` parameter to "links.php". The vendor has disputed this issue, stating that the variables are properly sanitized and no LDU version is affected. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.