Tgo

**Name of the Vulnerable Software and Affected Versions** Beehive Forum (affected versions not specified) **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `webtag` parameter in the "index.php" file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Beehive Forum (affected versions not specified) **Description** The issue concerns SQL injection vulnerabilities in index.php and other pages of Beehive Forum. Remote attackers can execute arbitrary SQL commands via the `webtag` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Beehive Forum (affected versions not specified) **Description** The issue allows remote attackers to obtain sensitive information. This can be achieved via an invalid `final uri` or `sort by` parameter to "index.php" or by making a direct request to certain files, including "admin.php", "attachments.inc.php", "banned.inc.php", "beehive.inc.php", "constants.inc.php", "db.inc.php", "dictionary.inc.php", or "search index.php". These actions can reveal the path in an error message. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHP Surveyor version 0.98 **Description** The issue allows remote attackers to trigger SQL errors by omitting parameters to specific API endpoints, including "browse.php", "export.php", "conditions.php", and "spss.php". **Recommendations** For PHP Surveyor version 0.98, consider restricting access to the mentioned API endpoints until a fix is available, and ensure that all parameters are properly validated and sanitized to prevent SQL errors.

**Name of the Vulnerable Software and Affected Versions** PHP Surveyor version 0.98 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via various parameters to different PHP files, including `sid`, `start`, and `id` parameters to "browse.php", the `sid` parameter to "dataentry.php", "export.php", "admin.php", "conditions.php", "spss.php", "deletesurvey.php", "dumpsurvey.php", or "statistics.php", or the `lid` parameter to "labels.php" or "dumplabel.php". **Recommendations** For PHP Surveyor version 0.98, consider restricting access to the vulnerable parameters `sid`, `start`, `id`, and `lid` in the affected PHP files until a patch is available. As a temporary workaround, avoid using these parameters in the respective API endpoints.

**Name of the Vulnerable Software and Affected Versions** PHP Surveyor version 0.98 **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the `sid`, `start`, and `id` parameters to the "browse.php" endpoint, or the `sid` parameter to the "dataentry.php" or "export.php" endpoints. **Recommendations** For PHP Surveyor version 0.98, as a temporary workaround, consider restricting access to the vulnerable parameters `sid`, `start`, and `id` in the "browse.php" endpoint, and the `sid` parameter in the "dataentry.php" and "export.php" endpoints until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHP Surveyor version 0.98 **Description** The issue allows remote attackers to obtain sensitive information via direct requests to various PHP files, including `question.php`, `survey.php`, `group.php`, `database.php`, `sessioncontrol.php`, `html.php`, or by providing invalid parameters such as `qid` to `dumpquestion.php` or `lid` to `labels.php` or `dumplabel.php`, which reveal the path in an error message. **Recommendations** For PHP Surveyor version 0.98, consider restricting access to the sensitive PHP files and validating user input to prevent the disclosure of sensitive information. As a temporary workaround, restrict access to the `question.php`, `survey.php`, `group.php`, `database.php`, `sessioncontrol.php`, and `html.php` files, and validate the `qid` and `lid` parameters in `dumpquestion.php`, `labels.php`, and `dumplabel.php` to prevent error messages that reveal the path.