Tomplixsee

**Name of the Vulnerable Software and Affected Versions** Gerd Tentler Simple Forum version 3.2 **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the `file` parameter of the thumbnail.php file. **Recommendations** For version 3.2, consider restricting access to the thumbnail.php file until a patch is available, or apply a configuration change to prevent directory traversal attacks by properly sanitizing the `file` parameter.

**Name of the Vulnerable Software and Affected Versions** Gerd Tentler Simple Forum version 3.2 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `open` and `date show` parameters in the forum.php file. **Recommendations** For Gerd Tentler Simple Forum version 3.2, as a temporary workaround, consider restricting access to the forum.php file until a patch is available. Avoid using the `open` and `date show` parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** aliTalk version 1.9.1.1 **Description** The issue concerns improper authentication verification in the inc/elementz.php file, allowing remote attackers to add arbitrary user accounts. This is achieved by modifying the `lilil` parameter, in conjunction with the `ubild` and `pa` parameters. **Recommendations** For aliTalk version 1.9.1.1, consider restricting access to the inc/elementz.php file until a proper fix is available, and avoid using the `lilil`, `ubild`, and `pa` parameters in a way that could facilitate unauthorized user account additions.

**Name of the Vulnerable Software and Affected Versions** aliTalk version 1.9.1.1 **Description** The issue allows remote authenticated users and attackers to execute arbitrary SQL commands. This can be achieved via several parameters, including the `mohit` parameter to "inc/receivertwo.php", the `id` parameter to "inc/usercp.php", and the `username` parameter to "admin/index.php" or "index.php". The vulnerability is related to functions in "functionz/usercp.php" and "functionz/first process.php". **Recommendations** For aliTalk version 1.9.1.1, consider disabling the `mohit`, `id`, and `username` parameters in the respective API endpoints until a patch is available. Restrict access to the "inc/receivertwo.php", "inc/usercp.php", "admin/index.php", and "index.php" files to minimize the risk of exploitation. Additionally, enabling magic quotes gpc can help mitigate the issue.

**Name of the Vulnerable Software and Affected Versions** Project Alumni version 1.0.9 **Description** A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `act` parameter. **Recommendations** For Project Alumni version 1.0.9, consider restricting access to the vulnerable `index.php` file until a patch is available. As a temporary workaround, avoid using the `act` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** project alumni versions 1.0.9 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `year` parameter to API endpoints such as "xml/index.php" or "view.page.inc.php", which can be reached through a view action to the top-level "index.php". This can lead to cross-site scripting (XSS) attacks. **Recommendations** For project alumni versions 1.0.9 and earlier, avoid using the `year` parameter in the affected API endpoints until the issue is resolved. As a temporary workaround, consider restricting access to the "xml/index.php" and "view.page.inc.php" endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** project alumni versions 1.0.9 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `year` parameter to (1) "view.page.inc.php", which is reachable through a view action to "index.php", or (2) the `year` parameter to "news.page.inc.php", which is reachable through a news action to "index.php". **Recommendations** For project alumni versions 1.0.9 and earlier, consider restricting access to the `view.page.inc.php` and `news.page.inc.php` files until a patch is available. As a temporary workaround, avoid using the `year` parameter in the affected API endpoints.