Ahmadbady

**Name of the Vulnerable Software and Affected Versions** Phpkobo AdFreely (aka Ad Board Script) version 1.01 **Description** The issue allows remote attackers to include and execute arbitrary local files via a ..// (dot dot slash slash) in the `LANG CODE` parameter to various files, including common.inc.php in multiple directories such as codelib/cfg/, codelib/sys/, staff/, staff/app/, and staff/file.php, when magic quotes gpc is disabled. **Recommendations** For Phpkobo AdFreely (aka Ad Board Script) version 1.01, consider disabling the `LANG CODE` parameter in the affected files until a patch is available. Restrict access to the common.inc.php file in the mentioned directories to minimize the risk of exploitation. Additionally, enable magic quotes gpc to prevent this type of attack.

**Name of the Vulnerable Software and Affected Versions** Geekhelps ADMP version 1.01 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `click` parameter in the bannershow.php file. **Recommendations** For Geekhelps ADMP version 1.01, consider restricting access to the bannershow.php file until a patch is available, and avoid using the `click` parameter in this file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Geekhelps ADMP version 1.01 **Description** The issue allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the `style` parameter to various PHP files in the themes/ directory, including (1) colorvoid/footer.php, (2) default-green/footer.php, (3) default-orange/footer.php, and (4) default/footer.php. This is possible when `magic quotes gpc` is disabled. **Recommendations** For Geekhelps ADMP version 1.01, consider disabling the execution of PHP files in the themes/ directory or restricting access to these files until a patch is available. Additionally, enabling `magic quotes gpc` may help mitigate the issue.

Name of the Vulnerable Software and Affected Versions: mxCamArchive version 2.2 Description: The issue allows remote authenticated administrators to inject arbitrary PHP code into an unspecified program via the `description` parameter in admin/admin.php, which is then executed by the invocation of index.php. Recommendations: For mxCamArchive version 2.2, avoid using the `description` parameter in the admin/admin.php file until a fix is available. As a temporary workaround, consider restricting access to the admin/admin.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: mxCamArchive version 2.2 Description: The issue allows remote attackers to obtain configuration details and passwords due to insufficient access control of sensitive information stored under the web root. This can be achieved via a direct request for `archive/config.ini`. Recommendations: For mxCamArchive version 2.2, consider restricting access to the `archive/config.ini` file to minimize the risk of exploitation. As a temporary workaround, limit direct requests to this file until a more permanent solution is available.

Name of the Vulnerable Software and Affected Versions: phpAdBoard version 1.8 Description: The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to index.php, then accessing it via a direct request to the file in the photoes/ directory. This is due to an unrestricted file upload vulnerability. Recommendations: For phpAdBoard version 1.8, restrict file uploads to only allow non-executable file extensions to prevent arbitrary code execution. As a temporary workaround, consider restricting access to the photoes/ directory to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Oramon Oracle Database Monitoring Tool version 2.0.1 Description: The issue allows remote attackers to download a database containing credentials due to insufficient access control of sensitive information stored under the web root. This can be achieved via a direct request for the config/oramon.ini file. Recommendations: For Oramon Oracle Database Monitoring Tool version 2.0.1, consider restricting access to the config/oramon.ini file to minimize the risk of exploitation. As a temporary workaround, limit direct requests to this file until a more permanent solution is available.

**Name of the Vulnerable Software and Affected Versions** PHP-Sugar version 0.80 **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a ..// (dot dot slash slash) in the `t` parameter of the test/index.php file. **Recommendations** For PHP-Sugar version 0.80, consider restricting access to the test/index.php file until a patch is available, and avoid using the `t` parameter with unvalidated input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jax FormMailer version 3.0.0 **Description** A remote file inclusion issue exists, allowing remote attackers to execute arbitrary PHP code via a URL in the `BASE DIR[jax formmailer]` parameter in the formmailer.admin.inc.php file. **Recommendations** For Jax FormMailer version 3.0.0, consider restricting access to the `formmailer.admin.inc.php` file and avoid using the `BASE DIR[jax formmailer]` parameter with untrusted input until a patch is available.

Name of the Vulnerable Software and Affected Versions: phpGreetCards version 3.7 Description: The issue allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension to index.php, then accessing it via a link listed by userfiles/number shell.php. Recommendations: For phpGreetCards version 3.7, consider restricting or disabling file uploads in index.php until a patch is available to prevent the execution of arbitrary PHP code. As a temporary workaround, restrict access to the userfiles/number shell.php script to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: phpGreetCards version 3.7 Description: The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `category` parameter in a select action. Recommendations: For phpGreetCards version 3.7, consider restricting access to the vulnerable `index.php` file until a patch is available, and avoid using the `category` parameter in the select action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FreeWebshop.org version 2.2.9 R2 **Description** The issue allows remote attackers to include and execute arbitrary local files. This is achieved by exploiting a directory traversal vulnerability in the includes/startmodules.inc.php file when register globals is enabled. The vulnerability can be triggered via a .. (dot dot) in the `lang file` parameter. **Recommendations** For FreeWebshop.org version 2.2.9 R2, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the includes/startmodules.inc.php file and avoid using the `lang file` parameter until a fix is available.

**Name of the Vulnerable Software and Affected Versions** phpFK version 7.03 **Description** A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This is achieved by using directory traversal sequences in the ` FORUM[settings design style]` parameter in the include/page bottom.php file. **Recommendations** For phpFK version 7.03, restrict access to the include/page bottom.php file to minimize the risk of exploitation. Avoid using the ` FORUM[settings design style]` parameter in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SiteX versions 0.7.4 and earlier Description: The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `THEME FOLDER` parameter to various API endpoints, including "Corporate/homepage.php", "Fusion/homepage.php", "Joombo/homepage.php", "Streamline/homepage.php", and "Structure/homepage.php" in themes/. Recommendations: For SiteX versions 0.7.4 and earlier, as a temporary workaround, consider restricting access to the `THEME FOLDER` parameter in the affected API endpoints until a patch is available. Avoid using the `THEME FOLDER` parameter with untrusted input in the affected API endpoints until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: pluck version 4.6.2 Description: The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `langpref` parameter to specific PHP files, including (1) "data/modules/contactform/module info.php", (2) "data/modules/blog/module info.php", and (3) "data/modules/albums/module info.php". This is possible when register globals is enabled. Recommendations: For pluck version 4.6.2, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the vulnerable modules, specifically data/modules/contactform, data/modules/blog, and data/modules/albums, until a patch is available. Avoid using the `langpref` parameter in the affected API endpoints until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Flyspeck CMS version 6.8 Description: The issue allows remote attackers to create or modify admin accounts without requiring administrative authentication for the updateExistingContent action. This is achieved by manipulating specific parameters in the request, including `users[fullname]`, `users[email]`, `users[role id]`, `users[username]`, and `users[password]`. Recommendations: For Flyspeck CMS version 6.8, ensure that administrative authentication is properly enforced for the updateExistingContent action to prevent unauthorized modifications to admin accounts. As a temporary workaround, consider restricting access to the updateExistingContent action until a proper fix is implemented.

Name of the Vulnerable Software and Affected Versions: TinyButStrong version 3.4.0 Description: A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by including a .. (dot dot) in the `script` parameter. Recommendations: For TinyButStrong version 3.4.0, consider restricting access to the `examples/tbs us examples 0view.php` script until a patch is available. As a temporary workaround, avoid using the `script` parameter with untrusted input to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Simple Customer version 1.3 Description: The issue allows remote attackers to change the admin e-mail address and password without requiring administrative authentication. This can be achieved by modifying the `email` and `password` parameters in the profile.php file. Recommendations: For Simple Customer version 1.3, consider temporarily restricting access to the profile.php file until a patch is available. As a mitigation measure, avoid using the `email` and `password` parameters in the profile.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Qt quickteam 2 Description: The issue allows remote attackers to execute arbitrary PHP code. This is achieved via a URL in the `qte web path` parameter to "qte web.php" and the `qte root` parameter to "bin/qte init.php". Recommendations: For Qt quickteam 2, consider disabling the `qte web.php` and `bin/qte init.php` scripts until a patch is available. Restrict access to the `qte web path` and `qte root` parameters to minimize the risk of exploitation. Avoid using the `qte web path` and `qte root` parameters in the affected API endpoints until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: KoschtIT Image Gallery version 1.82 Description: The issue concerns multiple directory traversal vulnerabilities. These vulnerabilities allow remote attackers to include and execute arbitrary local files. The attack can be performed by using directory traversal sequences in the `file` parameter to specific API endpoints, such as "/ki base/ki makepic.php" and "/ki base/ki nojsdisplayimage.php". Recommendations: For KoschtIT Image Gallery version 1.82, consider restricting access to the `ki makepic.php` and `ki nojsdisplayimage.php` files in the `ki base/` directory until a patch is available. Avoid using the `file` parameter in these API endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.