T3Qui1A

**Name of the Vulnerable Software and Affected Versions** Kliqqi-CMS version 2.0.2 **Description** The issue allows attackers to gain escalated privileges and execute arbitrary code through a SQL Injection vulnerability in the admin/admin update module widgets.php file, specifically in the `recordIDValue` parameter. **Recommendations** For Kliqqi-CMS version 2.0.2, consider restricting access to the admin/admin update module widgets.php file until a patch is available, and avoid using the `recordIDValue` parameter in this context to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Pligg CMS version 2.0.2 Description: The issue is a time-based SQL injection vulnerability. It occurs via the `recordIDValue` parameter in the admin update module widgets.php file. Recommendations: For Pligg CMS version 2.0.2, as a temporary workaround, consider restricting access to the admin update module widgets.php file until a patch is available. Avoid using the `recordIDValue` parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: UReport version 2.2.9 Description: The issue allows attackers to detect intranet device ports through a Server-Side Request Forgery (SSRF) in the designer page. Recommendations: For UReport version 2.2.9, consider restricting access to the designer page as a temporary workaround until a patch is available.

Name of the Vulnerable Software and Affected Versions: UReport version 2.2.9 Description: The issue allows attackers to execute arbitrary code due to a lack of access control to the designer page. Recommendations: For UReport version 2.2.9, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: UReport version 2.2.9 Description: An arbitrary file creation issue allows attackers to execute arbitrary code. Recommendations: For UReport version 2.2.9, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MetInfo version 7.0.0 Description: The issue is a SQL injection vulnerability. It can be exploited via the "admin/?n=logs&c=index&a=dodel" API endpoint. The vulnerability allows for SQL injection attacks, potentially leading to unauthorized access to sensitive data. Recommendations: For MetInfo version 7.0.0, as a temporary workaround, consider restricting access to the "admin/?n=logs&c=index&a=dodel" API endpoint until a patch is available. Avoid using the `a` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.