Application: CMS Made Simple
Affected Version: version 1.2.4 and prior versions.
Vendor’s URL: CMS Made Simple
Bug Type: System access
Risk Level: Critical

Solution:
Update to version 1.2.5.

Access Bypass, Content Management

Application: AJ E-Commerce
Affected Version: version 2.0 and other versions.
Vendor’s URL: AJ E-Commerce
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

E-Commerce, SQL Injection

Application: CMS Faethon
Affected Version: version 2.2 and other versions.
Vendor’s URL: CMS Faethon
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

Content Management, Cross Site Scripting

Application: fipsCMS
Affected Version:
Vendor’s URL: fipsCMS
Bug Type: SQL Injecton
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Content Management, SQL Injection

Application: Galleristic
Affected Version: version 1.0 and other versions.
Vendor’s URL: Galleristic
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Image Galleries, SQL Injection

Application: Maian Guestbook
Affected Version: version 3.2 and other versions.
Vendor’s URL: Maian Guestbook
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

Cross Site Scripting

Application: SazCart
Affected Version: version 1.5.1 and other versions.
Vendor’s URL: SazCart
Bug Type: SQL injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified and sanitized.
Set “register_globals” to “Off” and “magic_quotes_gpc” to “On”.

E-Commerce, SQL Injection

Application: Joomla
Affected Version: version 1.6 and other versions.
Vendor’s URL: Joomla DatsoGallery Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized

Content Management, SQL Injection

Application: phpDirectorySource
Affected Version: version 1.1.06 and other versions.
Vendor’s URL: phpDirectorySource
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

General Purpose Directories, SQL Injection

Application: Auction XL
Affected Version:
Vendor’s URL: Auction XL
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

SQL Injection

Application: Miniweb
Affected Version: version 2.0 and other versions.
Vendor’s URL: Miniweb
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Filter malicious characters and character sequences using a proxy.

SQL Injection

Application: Online Rental Property Script
Affected Version: version 4.5 and other versions.
Vendor’s URL: Online Rental Property Script
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Filter malicious characters and character sequences using a proxy.

SQL Injection

Application: ITCms
Affected Version: version 1.9 and other versions.
Vendor’s URL: ITCms
Bug Type: Code execution
Risk Level: Critical

Solution:
Restrict access to trusted users only.

Content Management, Remote Command Execution

Application: DeluxeBB
Affected Version: version 1.2 and other versions.
Vendor’s URL: DeluxeBB
Bug Type: SQL Injection and code execution
Risk Level: Critical

Solution:
Apply the Patch.

Discussion Boards, File Inclusion, SQL Injection

Application: Maian Weblog
Affected Version: version 4.0 and other versions.
Vendor’s URL: Maian Weblog
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

Blogs, Cross Site Scripting

Application: Harris WapChat
Affected Version: version 1.0 and other versions.
Vendor’s URL: Harris WapChat
Bug Type: File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified.
Use another product.

File Inclusion

Application: BlogMe
Affected Version: version 1.1 and other versions.
Vendor’s URL: BlogMe
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Blogs, SQL Injection

Application: Jokes Site Script
Affected Version:
Vendor’s URL: Jokes Site Script
Bug Type: SQL Injection
Risk Level: Critical

Solution:
dit the source code to ensure that input is properly sanitized.

SQL Injection

Application: FluentCMS
Affected Version: version 4.x
Vendor’s URL: FluentCMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Content Management, SQL Injection

Application: XOOPS
Affected Version: BackPack version 0.91 and earlier
BmSurvey version 0.84 and earlier
bb_fileup version 1.83 and earlier
News_embed (news_fileup) version 1.44 and earlier
PopnupBlog version 3.19 and earlier
Vendor’s URL: XOOPS Various Bluemoon inc. Modules
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to BackPack version 0.93, BmSurvey version 0.85, newbb_fileup version 1.84, News_embed version 1.45, and PopnupBlog version 3.20.

Content Management, Cross Site Scripting