X0R

**Name of the Vulnerable Software and Affected Versions** Graugon PHP Article Publisher version 1.0 **Description** The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting the `g admin` cookie to 1, effectively allowing unauthorized access to administrative functions. **Recommendations** For Graugon PHP Article Publisher version 1.0, consider disabling access to the admin.php file until a proper authentication mechanism is implemented to prevent unauthorized administrative access. Restrict access to the `g admin` cookie to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Graugon PHP Article Publisher version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `c` parameter to "index.php" and the `id` parameter to "view.php". **Recommendations** For Graugon PHP Article Publisher version 1.0, consider validating and sanitizing user input for the `c` parameter in "index.php" and the `id` parameter in "view.php" to prevent SQL injection attacks. As a temporary workaround, restrict access to "index.php" and "view.php" to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Rat CMS Alpha 2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `user id` and `password` parameters in the login.php file. **Recommendations** For The Rat CMS Alpha 2, consider restricting access to the login.php file until a patch is available. As a temporary workaround, avoid using the `user id` and `password` parameters in the affected login.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Xigla Software Absolute Newsletter versions 6.0 through 6.1 Description: The issue allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. Recommendations: For versions 6.0 through 6.1, update to a version that fixes this issue to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: FlexPHPDirectory version 0.0.1 Description: The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the `add.php` file, and then accessing it via a direct request to the file in the `photo/` directory. Recommendations: For FlexPHPDirectory version 0.0.1, consider restricting file uploads to only allow non-executable file extensions as a temporary workaround until a patch is available. Restrict access to the `add.php` file and the `photo/` directory to minimize the risk of exploitation. Avoid using the file upload feature in `add.php` until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: FlexPHPDirectory version 0.0.1 Description: The issue concerns SQL injection vulnerabilities in the admin/usercheck.php file. When magic quotes gpc is disabled, remote attackers can execute arbitrary SQL commands via the `checkuser` and `checkpass` parameters in the /admin/usercheck.php API endpoint. Recommendations: For FlexPHPDirectory version 0.0.1, consider disabling the `checkuser` and `checkpass` parameters in the admin/usercheck.php file until a patch is available. Restrict access to the admin/usercheck.php endpoint to minimize the risk of exploitation. Avoid using the `checkuser` and `checkpass` parameters in this endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: FlexPHPLink Pro versions 0.0.6 through 0.0.7 Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `checkuser` parameter (also known as the `username` field) or the `checkpass` parameter (also known as the `password` field) in the admin/usercheck.php file when magic quotes gpc is disabled. Recommendations: For FlexPHPLink Pro versions 0.0.6 through 0.0.7, consider disabling the admin/usercheck.php file or restricting access to it until a patch is available. As a temporary workaround, enable magic quotes gpc to minimize the risk of SQL injection attacks. Avoid using the `checkuser` and `checkpass` parameters in the affected admin/index.php endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WEBBDOMAIN Post Card (aka Web Postcards) versions 1.02 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `username` parameter in the "getin.php" file. **Recommendations** For versions 1.02 and earlier, update to a version later than 1.02 to resolve the issue. As a temporary workaround, consider restricting access to the "getin.php" file or validating and sanitizing the `username` parameter to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** PhpAddEdit version 1.3 **Description** The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting the `addedit` cookie parameter in the login.php file. **Recommendations** For PhpAddEdit version 1.3, consider restricting access to the login.php file until a patch is available. As a temporary workaround, avoid using the `addedit` cookie parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** S-Cms version 1.1 Stable **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "admin/delete page.php" endpoint. **Recommendations** For S-Cms version 1.1 Stable, avoid using the `id` parameter in the "admin/delete page.php" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "admin/delete page.php" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** pHNews Alpha 1 **Description** The issue allows remote attackers to download a database due to insufficient access control of sensitive information stored under the web root. This can be achieved by making a direct request for the `extra/genbackup.php` endpoint. **Recommendations** For pHNews Alpha 1, restrict access to the `extra/genbackup.php` endpoint to prevent unauthorized database downloads. Consider implementing proper access controls for sensitive information stored under the web root.

**Name of the Vulnerable Software and Affected Versions** S-Cms version 1.1 Stable **Description** The issue allows remote attackers to bypass authentication and obtain administrative access. This is achieved by setting an OK value for the `login` cookie. **Recommendations** For S-Cms version 1.1 Stable, as a temporary workaround, consider restricting access to administrative functions until a patch is available. Avoid using the `login` cookie with an OK value in the affected authentication process until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** txtSQL version 2.2 Final **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `username` parameter in the login.php script of the smNews example. **Recommendations** For txtSQL version 2.2 Final, consider restricting access to the login.php script until a patch is available, and avoid using the `username` parameter in the affected script to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: InSun Feed CMS version 1.7.3 19Beta Description: The issue allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the `lang` parameter in the "index.php" file. Recommendations: For InSun Feed CMS version 1.7.3 19Beta, as a temporary workaround, consider restricting access to the `lang` parameter in the "index.php" file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Acc Autos version 4.0 Description: The issue allows remote attackers to bypass authentication and gain administrative access. This can be achieved by setting the `username cookie` to "admin", the `right cookie` to "1", and the `id cookie` to "1". Recommendations: For Acc Autos version 4.0, as a temporary workaround, consider restricting access to administrative functions until a patch is available. Avoid using the `username cookie`, `right cookie`, and `id cookie` variables in a way that could allow unauthorized access. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: E-topbiz Link Back Checker version 1 Description: The issue allows remote attackers to bypass authentication and gain administrative access. This can be achieved by setting the `auth` cookie to `admin`. Recommendations: For E-topbiz Link Back Checker version 1, as a temporary workaround, consider restricting access to administrative functions until a patch is available. Avoid relying solely on the `auth` cookie for authentication.

**Name of the Vulnerable Software and Affected Versions** BlueBird Prelease (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `username` and `passwd` parameters in the login.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Auth Php version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `username` and `passwd` parameters. **Recommendations** For Auth Php version 1.0, consider validating and sanitizing user input for the `username` and `passwd` parameters to prevent SQL injection attacks. As a temporary workaround, restrict access to the login functionality until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** Potato News version 1.0.0 **Description** The issue allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the `user` cookie parameter in the "admin.php" endpoint. **Recommendations** For Potato News version 1.0.0, consider restricting access to the "admin.php" endpoint until a patch is available, and avoid using the `user` cookie parameter to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Scripts For Sites (SFS) Hotscripts-like Site (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the software-description.php file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.