Sub-Zero

Name of the Vulnerable Software and Affected Versions: Peel version 3.1 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `rubid` parameter in the "lire/index.php" endpoint. Recommendations: For version 3.1, consider restricting access to the `lire/index.php` endpoint until a patch is available, and avoid using the `rubid` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dawningsoft PowerCHM version 5.7 **Description** The issue is a stack-based buffer overflow that can be triggered by a remote attacker using an HTML file with a link to a long URL, potentially causing a denial of service (application crash) and possibly allowing the execution of arbitrary code. This can be demonstrated with a .rar URL. **Recommendations** For Dawningsoft PowerCHM version 5.7, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PhpMesFilms versions 1.0 through 1.8 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "index.php" file. **Recommendations** For PhpMesFilms versions 1.0 through 1.8, consider restricting access to the `id` parameter in the "index.php" file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Netref version 4.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter to API endpoints such as "fiche product.php" and "presentation.php". **Recommendations** For Netref version 4.0, consider restricting access to the `id` parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the `id` parameter in "fiche product.php" and "presentation.php" to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** EsFaq version 2.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `idcat` parameter in the questions.php file. **Recommendations** For EsFaq version 2.0, restrict access to the `idcat` parameter in the questions.php file to minimize the risk of exploitation. Consider validating and sanitizing user input for the `idcat` parameter to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.