Vipsta

**Name of the Vulnerable Software and Affected Versions** LiveCMS versions 3.4 and earlier **Description** The issue allows remote attackers to obtain sensitive information via a ' (quote) character in the `cid` parameter, which reveals the path in a forced SQL error message. **Recommendations** For LiveCMS versions 3.4 and earlier, update to a version later than 3.4 to resolve the issue. As a temporary workaround, consider restricting access to the `categoria.php` file to minimize the risk of exploitation. Avoid using the `cid` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** LiveCMS versions 3.4 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via an article name, possibly involving the `titulo` parameter in the "article.php" endpoint. **Recommendations** For versions 3.4 and earlier, consider restricting access to the `article.php` endpoint until a fix is available, and avoid using the `titulo` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LiveCMS versions 3.4 and earlier **Description** The issue allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for a small image associated with an article. **Recommendations** For LiveCMS versions 3.4 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LiveCMS versions 3.4 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cid` parameter in the categoria.php file. **Recommendations** For LiveCMS versions 3.4 and earlier, update to a version later than 3.4 to resolve the issue. As a temporary workaround, consider restricting access to the categoria.php file or avoiding the use of the `cid` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** 8pixel.net Simple Blog versions 2.3 and earlier **Description** The issue allows remote attackers to conduct SQL injection attacks via ">" characters in the `id` parameter, which are not filtered by the protection mechanism in the default.asp file. **Recommendations** For versions 2.3 and earlier, consider restricting access to the default.asp file or the `id` parameter to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected default.asp file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** eFiction versions prior to 2.0.7 **Description** The issue allows remote attackers to bypass authentication and gain privileges. This is achieved by setting the `adminloggedin`, `loggedin`, and `level` parameters to "1". **Recommendations** For versions prior to 2.0.7, update to version 2.0.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the `index.php` file until the update is applied. Avoid using the parameters `adminloggedin`, `loggedin`, and `level` in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Blog System version 1.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via two parameters: the `cat` parameter in "index.php" and the `note` parameter in "blog.php". **Recommendations** For Blog System version 1.2, consider restricting access to the `cat` parameter in "index.php" and the `note` parameter in "blog.php" to minimize the risk of exploitation. Avoid using these parameters until the issue is resolved.