Staker

**Name of the Vulnerable Software and Affected Versions** Agoko CMS versions 0.4 and earlier **Description** The issue allows remote attackers to inject and execute arbitrary PHP code via the `filename` and `text` parameters in the admintools/editpage-2.php file. **Recommendations** For Agoko CMS versions 0.4 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** All Club CMS (ACCMS) versions 0.0.2 and earlier **Description** The issue allows remote attackers to obtain database configuration information, including credentials, via a direct request to `accms.dat`. This is due to sensitive information being stored under the web root with insufficient access control. **Recommendations** For All Club CMS (ACCMS) versions 0.0.2 and earlier, consider restricting access to the `accms.dat` file until a proper fix is available. As a temporary workaround, moving sensitive information outside of the web root or implementing proper access controls can help mitigate the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: 2532|Gigs version 1.2.2 Description: The issue allows remote attackers to execute arbitrary SQL commands due to multiple SQL injection vulnerabilities in the checkuser.php file. This occurs when magic quotes gpc is disabled, and attackers can exploit the `username` and `password` parameters, which are accessible from a form generated by index.php. Recommendations: For version 1.2.2, consider disabling the checkuser.php file or restricting access to it until a patch is available. As a temporary workaround, enable magic quotes gpc to prevent SQL injection attacks. Avoid using the `username` and `password` parameters in the affected form until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** fuzzylime (cms) versions 3.03a and earlier **Description** The issue allows remote attackers to include and execute arbitrary local files via directory traversal sequences. This can be achieved by exploiting the list parameter to the "code/confirm.php" endpoint and the template parameter to the "code/display.php" endpoint when magic quotes gpc is disabled. **Recommendations** For versions 3.03a and earlier, consider disabling the execution of files from user-supplied input to code/confirm.php and code/display.php until a patch is available. Restrict access to the list and template parameters in these endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** fuzzylime (cms) versions 3.03a and earlier **Description** The issue allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files. This is achieved by providing a "....//" (dot dot) in the `s` parameter, which is then collapsed into a "../" value, enabling the attacker to traverse directories and potentially overwrite files. This issue is specifically relevant when `magic quotes gpc` is disabled. **Recommendations** For versions 3.03a and earlier, consider disabling the `s` parameter in the code/display.php file until a patch is available, or ensure that `magic quotes gpc` is enabled to mitigate the risk of directory traversal attacks.

**Name of the Vulnerable Software and Affected Versions** phpWebThings versions 1.5.2 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the fdown.php file. **Recommendations** For phpWebThings versions 1.5.2 and earlier, consider restricting access to the fdown.php file until a patch is available. Avoid using the `id` parameter in the affected endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: cpCommerce versions 1.2.x, possibly including 1.2.9 Description: The issue allows remote attackers to bypass a protection mechanism, enabling them to conduct remote file inclusion and directory traversal attacks, execute arbitrary PHP code, or read arbitrary files. This is achieved via the `GLOBALS[prefix]` parameter. Recommendations: For cpCommerce versions 1.2.x, possibly including 1.2.9, consider restricting access to the ` functions.php` file to minimize the risk of exploitation. As a temporary workaround, avoid using the `GLOBALS[prefix]` parameter in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Mic Blog version 0.0.3 Description: The issue allows remote attackers to execute arbitrary SQL commands due to multiple SQL injection vulnerabilities. This can occur when the `magic quotes gpc` setting is disabled, specifically through the `cat` parameter to "category.php", the `user` parameter to "login.php", and the `site` parameter to "register.php". Recommendations: For Mic Blog version 0.0.3, consider disabling the `category.php`, `login.php`, and `register.php` scripts until a patch is available, or ensure that the `magic quotes gpc` setting is enabled to mitigate the risk of SQL injection attacks. Additionally, restrict access to the `cat`, `user`, and `site` parameters in their respective scripts to minimize the risk of exploitation.

Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a confirm action, the (2) user parameter in a newconfirm action, and (3) reqpwd action to member.php; and the (4) quote parameter in a post action and (5) pid parameter in an edit action to post.php, different vectors than CVE-2005-0413.2 and CVE-2007-6667.

Name of the Vulnerable Software and Affected Versions: Lizardware CMS versions 0.6.0 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands via the `user`. This can be achieved by exploiting a SQL injection vulnerability in the administrator/index.php file. Recommendations: For Lizardware CMS versions 0.6.0 and earlier, update to a version later than 0.6.0 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Keller Web Admin CMS version 0.94 Pro Description: A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `action` parameter of the Public/index.php file. Recommendations: For Keller Web Admin CMS version 0.94 Pro, consider restricting access to the Public/index.php file to minimize the risk of exploitation. Avoid using the `action` parameter in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Ultimate PHP Board (UPB) versions 2.2.2 and earlier 2.x versions Description: The issue allows remote attackers to inject arbitrary web script or HTML via the `User-Agent` HTTP header, which can lead to cross-site scripting (XSS) attacks. Recommendations: For Ultimate PHP Board (UPB) versions 2.2.2 and earlier 2.x versions, update to a version that fixes this issue to prevent XSS attacks.

**Name of the Vulnerable Software and Affected Versions** Implied by Design Micro CMS (Micro-CMS) version 3.5 (aka 0.3.5) **Description** The issue allows remote attackers to perform certain actions without requiring authentication as an administrator. This includes creating administrative accounts via an "add admin" action, removing administrative accounts via a "delete admin" action, and modifying administrative passwords via a "change password" action. **Recommendations** For Implied by Design Micro CMS (Micro-CMS) version 3.5 (aka 0.3.5), consider implementing proper authentication mechanisms to restrict access to administrative actions, such as "add admin", "delete admin", and "change password", until a patch is available. As a temporary workaround, restrict access to the microcms-admin-home.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: SolarCMS versions 0.53.8 through 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cat` parameter to the "indes.php" endpoint. Recommendations: For SolarCMS versions 0.53.8 through 1.0, consider restricting access to the `cat` parameter in the "indes.php" endpoint until a patch is available. Avoid using the `cat` parameter in the affected endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Private Messaging System (PMS) versions 1.2.3 and earlier Description: The issue concerns directory traversal vulnerabilities. Remote attackers can include and execute arbitrary files by using a .. (dot dot) in the `pun user[language]` parameter to various API endpoints, including "functions navlinks.php", "header new messages.php", "profile send.php", and "viewtopic PM-link.php" in the include/pms/ directory. Recommendations: For Private Messaging System (PMS) versions 1.2.3 and earlier, consider restricting access to the vulnerable API endpoints until a patch is available. As a temporary workaround, avoid using the `pun user[language]` parameter in the affected endpoints.

Name of the Vulnerable Software and Affected Versions: phpBB Small ShoutBox module version 1.4 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in a delete action within the shoutbox view.php file. Recommendations: For phpBB Small ShoutBox module version 1.4, avoid using the `id` parameter in the delete action until the issue is resolved. As a temporary workaround, consider restricting access to the shoutbox view.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: nicLOR Sito (affected versions not specified) Description: The issue allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the `page file` parameter in includefile.php, particularly when register globals is enabled or magic quotes gpc is disabled. Recommendations: For all affected versions, consider disabling the register globals setting and enabling magic quotes gpc to minimize the risk of exploitation. As a temporary workaround, restrict access to the includefile.php file to prevent remote attackers from including and executing arbitrary files. Avoid using the `page file` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Openasp versions 3.0 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `idpage` parameter in the pages module. Recommendations: For Openasp versions 3.0 and earlier, update to a version later than 3.0 to resolve the issue. As a temporary workaround, consider restricting access to the `idpage` parameter in the pages module to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Galatolo WebManager versions 1.3a and earlier Description: A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the `tag` parameter in the "all.php" file. Recommendations: For Galatolo WebManager versions 1.3a and earlier, avoid using the `tag` parameter in the all.php file until a fix is available. As a temporary workaround, consider restricting access to the all.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Galatolo WebManager versions 1.3a and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the plugins/users/index.php file. Recommendations: For Galatolo WebManager versions 1.3a and earlier, avoid using the `id` parameter in the affected plugins/users/index.php file until a fix is available. Consider restricting access to this file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.