Valentin Hoebel

**Name of the Vulnerable Software and Affected Versions** Joomla! component com restaurantguide version 1.0.0 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter in a "country" action to "index.php". **Recommendations** For version 1.0.0, avoid using the `id` parameter in the affected API endpoint until the issue is resolved. Consider restricting access to the "index.php" endpoint with a "country" action to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! component com restaurantguide version 1.0.0 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML by placing it after a > (greater than) character. **Recommendations** For version 1.0.0, update the com restaurantguide component to a version that fixes this issue, as using outdated components can pose significant security risks.

**Name of the Vulnerable Software and Affected Versions** PaysiteReviewCMS version 1.1 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the "q" parameter to the "search.php" endpoint and the "image" parameter to the "image.php" endpoint are affected. **Recommendations** For PaysiteReviewCMS version 1.1, as a temporary workaround, consider restricting access to the "search.php" and "image.php" endpoints until a patch is available. Avoid using the `q` parameter in the "search.php" endpoint and the `image` parameter in the "image.php" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OneOrZero AIMS versions 2.6.0 through 2.7.0 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This can be achieved via the `id` parameter in a "saved search" action and the `item types` parameter in a "show item search" action within the "search management manage" subcontroller. **Recommendations** For OneOrZero AIMS versions 2.6.0 through 2.7.0, consider restricting access to the "search management manage" subcontroller until a patch is available. As a temporary workaround, avoid using the `id` and `item types` parameters in the affected actions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! JSupport (com jsupport) component version 1.5.6 **Description** The issue allows remote authenticated users with Public Back-end permissions to execute arbitrary SQL commands. This is achieved by exploiting the `alpha` parameter in either a `listTickets` or `listFaqs` action to `administrator/index.php`. **Recommendations** For version 1.5.6, consider restricting access to the `administrator/index.php` endpoint, specifically for the `listTickets` and `listFaqs` actions, until a fix is available. As a temporary workaround, avoid using the `alpha` parameter in these actions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! JSupport (com jsupport) component version 1.5.6 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `subject` parameter (title field) in a saveTicket action to "index2.php". **Recommendations** For version 1.5.6, consider restricting access to the saveTicket action in index2.php to minimize the risk of exploitation, and avoid using the `subject` parameter in this action until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OneOrZero AIMS version 2.6.0 Members Edition **Description** A directory traversal issue exists, allowing remote authenticated users to read arbitrary files. This is achieved through directory traversal sequences in the `controller` parameter in a `show report` action. **Recommendations** For OneOrZero AIMS version 2.6.0 Members Edition, consider restricting access to the `show report` action until a patch is available. As a temporary workaround, limit the use of the `controller` parameter to prevent directory traversal sequences.

**Name of the Vulnerable Software and Affected Versions** GaleriaSHQIP version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is possible when the magic quotes gpc setting is disabled. The `album id` parameter is used in the exploitation. **Recommendations** For GaleriaSHQIP version 1.0, consider enabling the magic quotes gpc setting to prevent SQL injection attacks. Additionally, restrict access to the "index.php" file until a proper fix is applied, and avoid using the `album id` parameter in sensitive queries. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! component com golfcourseguide versions 0.9.6.0 beta through 1 beta **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in a `golfcourses` action to `index.php`. **Recommendations** For versions 0.9.6.0 beta through 1 beta, avoid using the `id` parameter in the `golfcourses` action to `index.php` until the issue is resolved. Consider restricting access to the `index.php` endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! component com jeajaxeventcalendar versions 1.0.1 and 1.0.3 **Description** The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the `view` parameter to "index.php". **Recommendations** For version 1.0.1, update or apply a patch to fix the directory traversal issue. For version 1.0.3, update or apply a patch to fix the directory traversal issue. As a temporary workaround, consider restricting access to the "index.php" endpoint until a patch is available. Avoid using the `view` parameter in the affected "index.php" endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Joomla! (affected versions not specified) **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the Table JX (com grid) component. Remote attackers can inject arbitrary web script or HTML via the `data search` and `rpp` parameters to the "index.php" endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! component com qpersonel versions 1.0.2 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `katid` parameter in a "qpListele" action to "index.php". **Recommendations** For versions 1.0.2 and earlier, update to a version later than 1.0.2 to resolve the issue. As a temporary workaround, consider restricting access to the "qpListele" action in "index.php" to minimize the risk of exploitation. Avoid using the `katid` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** JoltCard (com joltcard) version 1.2.1 for Joomla! **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cardID` parameter in a view action to "index.php". **Recommendations** For JoltCard (com joltcard) version 1.2.1, avoid using the `cardID` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** dl stats versions prior to 2.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter to API endpoints such as "download.php" and "view file.php". **Recommendations** For versions prior to 2.0, update to version 2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "download.php" and "view file.php" endpoints to minimize the risk of exploitation. Avoid using the `id` parameter in these affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** dl stats versions prior to 2.0 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `id` parameter in the download proc.php file. **Recommendations** For versions prior to 2.0, update to version 2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the download proc.php file to minimize the risk of exploitation. Avoid using the `id` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Joomla! component com jp jobs versions 1.4.1 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in a detail action to the "index.php" endpoint. **Recommendations** For versions 1.4.1 and earlier, consider restricting access to the vulnerable component com jp jobs until a patch is available. Avoid using the `id` parameter in the detail action to the "index.php" endpoint until the issue is resolved.