Arfis

**Name of the Vulnerable Software and Affected Versions** awrate version 1.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `toroot` parameter to specific PHP files, such as "404.php" or "topbar.php". **Recommendations** For awrate version 1.0, consider restricting access to the `toroot` parameter in the affected PHP files until a patch is available. As a temporary workaround, avoid using the `toroot` parameter in the "404.php" and "topbar.php" files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** phpSCMS versions 0.0.1-Alpha1 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `dir` parameter in the includes/functions.php file. This is a remote file inclusion issue. Note that the identified code is in a function that is not accessible via direct request, which is disputed by some sources. **Recommendations** For phpSCMS version 0.0.1-Alpha1, as a temporary workaround, consider restricting access to the `includes/functions.php` file or the `dir` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** e-Ark version 1.0 **Description** The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in the `cfg vcard path` parameter to "src/vcard inc.php" or the `cfg phpmailer path` parameter to "src/email inc.php". **Recommendations** For e-Ark version 1.0, consider restricting access to the `src/vcard inc.php` and `src/email inc.php` files to minimize the risk of exploitation. Avoid using the `cfg vcard path` and `cfg phpmailer path` parameters in the affected API endpoints until the issue is resolved.

Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.12 allow remote attackers to execute arbitrary PHP code via a URL in the path to root parameter to (1) access/logout.php or certain PHP scripts under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, (7) purchasing/, (8) reporting/, (9) sales/, or (10) taxes/. NOTE: the config.php vector is already covered by CVE-2007-4279, and the login.php and language.php vectors are already covered by CVE-2007-5117. NOTE: this issue is disputed by CVE because path to root is defined before use in all of the other files reported in the original disclosure

**Name of the Vulnerable Software and Affected Versions** Thierry Leriche Restaurant Management System (ReMaSys) version 0.5 **Description** The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in the `DIR ROOT` parameter to "global.php", or the `DIR PAGE` parameter to "template/fr/page.php" or "page/fr/boxConnection.php". **Recommendations** For version 0.5, as a temporary workaround, consider restricting access to the `global.php`, `template/fr/page.php`, and `page/fr/boxConnection.php` files until a patch is available. Avoid using the `DIR ROOT` and `DIR PAGE` parameters in the affected files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Der Dirigent version 1.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `dedi path` parameter to various PHP files, including (1) `inc.generate code.php`, (2) `fnc.type forms.php`, or (3) `fnc.type.php` in `backend/inc/`, or via the `this dir` parameter to `backend/inc/class.filemanager.php`. Note that some vectors are disputed due to PHP encountering a fatal function-call error on a direct request for the file. **Recommendations** For Der Dirigent version 1.0, consider disabling the `inc.generate code.php`, `fnc.type forms.php`, `fnc.type.php`, and `class.filemanager.php` files until a patch is available. Restrict access to the `frontend.php` and `backend.php` files in `projekt01/cms/inc/` to minimize the risk of exploitation. Avoid using the `dedi path` and `this dir` parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Puzzle Apps CMS version 2.2.1 **Description** The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in the `MODULEDIR` parameter to various PHP files, including 'core/modules/my/my.module.php' and 'core/modules/xml/xml.module.php'. Additionally, the `COREROOT` parameter in files such as 'config.loader.php', 'platform.loader.php', and others in the 'core/' directory or 'install/steps/step 3.php' can be exploited. The `THISDIR` parameter in files like 'people.lib.php', 'general.lib.php', and others in 'core/modules/admin/libs/' or 'core/modules/webstat/MEC/index.php' is also vulnerable. **Recommendations** For Puzzle Apps CMS version 2.2.1, consider disabling the `MODULEDIR`, `COREROOT`, and `THISDIR` parameters in the affected PHP files until a patch is available. Restrict access to the vulnerable modules and files, such as 'my.module.php', 'xml.module.php', 'config.loader.php', and others, to minimize the risk of exploitation. Avoid using the `MODULEDIR`, `COREROOT`, and `THISDIR` parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Nexty version 1.01.A Beta **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `rel` parameter in the includes/functions/layout.php file. This is disputed because the applicable include is in a function that is not called on a direct request. **Recommendations** For Nexty version 1.01.A Beta, as a temporary workaround, consider restricting access to the `includes/functions/layout.php` file or disabling the functionality that uses the `rel` parameter until a patch is available. Avoid using the `rel` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UniversiBO version 1.3.4 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `phpbb root path` parameter in the htmls/forum/includes/topic review.php file. This is due to a remote file inclusion vulnerability. Note that this issue is disputed because the applicable include is in a function that is not called on a direct request. **Recommendations** For UniversiBO version 1.3.4, as a temporary workaround, consider restricting access to the `topic review.php` file until a patch is available. Avoid using the `phpbb root path` parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phplist versions prior to 0.5-pre2 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `nom rep systeme` parameter in the .systeme/fonctions.php file. **Recommendations** For versions prior to 0.5-pre2, avoid using the `nom rep systeme` parameter in the affected API endpoint until the issue is resolved. Restrict access to the .systeme/fonctions.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ClanLite version 1.23.01.2005 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `root path` parameter to specific PHP files, such as modules/serveur jeux.php or conf/conf-php.php. **Recommendations** For ClanLite version 1.23.01.2005, consider restricting access to the `modules/serveur jeux.php` and `conf/conf-php.php` files to minimize the risk of exploitation. Avoid using the `root path` parameter in these files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ekke Doerre Contenido 42VariablVersion (42VV10) **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `cfgPathInc` parameter to multiple PHP files, including `main upl.php`, `main con editside.php`, and others. Additionally, the `cfgPathContenido` or `cfgPathTpl` parameters in various files, such as `con show sidelist.inc.php` and `mod show modules.inc.php`, are also vulnerable. The estimated number of potentially affected devices is not specified. **Recommendations** For Ekke Doerre Contenido 42VariablVersion (42VV10), as a temporary workaround, consider disabling the vulnerable parameters `cfgPathInc`, `cfgPathContenido`, and `cfgPathTpl` until a patch is available. Restrict access to the vulnerable PHP files, such as `main upl.php` and `con show sidelist.inc.php`, to minimize the risk of exploitation. Avoid using the `cfgPathInc` parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openEngine version 1.9 beta1 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `this module path` parameter in the html/modules/extranet profile/main.php file. However, it is noted that PHP encounters a fatal function-call error on a direct request for the file, before reaching the include statement, which disputes the severity of this issue. **Recommendations** For openEngine version 1.9 beta1, consider restricting access to the `html/modules/extranet profile/main.php` file to minimize the risk of exploitation. As a temporary workaround, avoid using the `this module path` parameter in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** pSlash version 0.70 **Description** The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in the `lvc admin dir` parameter to "modules/visitors2/admin/view-archiver.inc.php" or the `lvc include dir` parameter to "modules/visitors2/include/menus.inc.php". **Recommendations** For pSlash version 0.70, consider restricting access to the `modules/visitors2/admin/view-archiver.inc.php` and `modules/visitors2/include/menus.inc.php` files to minimize the risk of exploitation. Avoid using the `lvc admin dir` and `lvc include dir` parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tell A Friend Script versions 2.4 through 2.7 before 20050305 **Description** The issue allows remote attackers to execute arbitrary PHP code by modifying the `script root` parameter to reference a URL on a remote web server that contains the code. **Recommendations** For Tell A Friend Script versions 2.4 through 2.7 before 20050305, update to a version released after 20050305 to resolve the issue. As a temporary workaround, consider restricting access to the `tell a friend.inc.php` file to minimize the risk of exploitation. Avoid using the `script root` parameter in the affected script until the issue is resolved.