Sniper_Sa

Name of the Vulnerable Software and Affected Versions: SkaDate versions 5.0 through 6.482 Description: The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This is achieved by using a .. (dot dot) in the `view mode` parameter to specific API endpoints, such as "featured list.php" and "online list.php" in the "member/" directory. Recommendations: For SkaDate versions 5.0 through 6.482, as a temporary workaround, consider restricting access to the `view mode` parameter in the affected API endpoints until a patch is available. Avoid using the `view mode` parameter with unvalidated input in "featured list.php" and "online list.php" to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WAHM E-Commerce Pie Cart Pro (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `Inc Dir` parameter in various PHP files, including "affiliates.php", "orders.php", "events.php", "index.php", "articles.php", "faqs.php", "guestbook.php", "catalog.php", "wholesale.php", "weblinks.php", "certificates.php", "sitesearch.php", "contact.php", "sitemap.php", "search.php", "registry.php", or "error.php". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AZDG AzDGVote (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `int path` parameter in several PHP files, including "vote.php", "view.php", "admin.php", and "admin/index.php". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpWebSite versions 0.10.2 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the topic parameter in the topics.php file. **Recommendations** For versions 0.10.2 and earlier, update to a version later than 0.10.2 to resolve the issue. As a temporary workaround, consider restricting access to the topics.php file or validating and sanitizing the `topic` parameter to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** Saphp Lesson versions 1.1 through 2.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `forumid` parameter in API endpoints such as "showcat.php" and "add.php". **Recommendations** For versions 1.1 through 2.0, consider restricting access to the `forumid` parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the `forumid` parameter in "showcat.php" and "add.php" to minimize the risk of exploitation.