Wishnusakti

**Name of the Vulnerable Software and Affected Versions** Bacula-Web version 5.2.10 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `jobid` parameter in the joblogs.php file. **Recommendations** For Bacula-Web version 5.2.10, avoid using the `jobid` parameter in the joblogs.php file until the issue is resolved. As a temporary workaround, consider restricting access to the joblogs.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Archery Scores (com archeryscores) version 1.0.6 for Joomla! **Description** The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `controller` parameter to "index.php". **Recommendations** For Archery Scores (com archeryscores) version 1.0.6, consider restricting access to the "index.php" endpoint to minimize the risk of exploitation. Avoid using the `controller` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! component Graphics (com graphics) versions 1.0.6 and 1.5.0 **Description** The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `controller` parameter to "index.php". **Recommendations** For version 1.0.6, update to a version that fixes this issue. For version 1.5.0, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the "graphics.php" file in the Graphics component until a patch is available.