Stephan Sattler

**Name of the Vulnerable Software and Affected Versions** Joomla! component com aardvertiser versions 2.1 through 2.1.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cat name` parameter in a view action to "index.php". **Recommendations** For versions 2.1 through 2.1.1, avoid using the `cat name` parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the vulnerable component com aardvertiser to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Primitive CMS version 1.0.9 **Description** The issue allows remote authenticated administrators to execute arbitrary SQL commands. This can be achieved by exploiting SQL injection vulnerabilities in the `cms write.php` file via the `title` and `menutitle` parameters. **Recommendations** For Primitive CMS version 1.0.9, avoid using the `title` and `menutitle` parameters in the `cms write.php` file until a patch is available. As a temporary workaround, consider restricting access to the `cms write.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Primitive CMS version 1.0.9 **Description** The issue allows remote attackers to gain administrative privileges via a direct request to the cms write.php file, which does not properly restrict access. This can be leveraged to conduct cross-site scripting attacks using the `title`, `content`, and `menutitle` parameters. **Recommendations** For Primitive CMS version 1.0.9, restrict access to the cms write.php file to prevent unauthorized requests. As a temporary workaround, consider disabling the cms write.php file until a patch is available. Avoid using the `title`, `content`, and `menutitle` parameters in the affected API endpoint until the issue is resolved.