Botan

**Name of the Vulnerable Software and Affected Versions** Artmedic Links version 5.0 **Description** A remote file inclusion issue exists, allowing remote attackers to execute arbitrary PHP code via a URL in the `id` parameter, which is processed by the `readfile` function. **Recommendations** For Artmedic Links version 5.0, consider disabling the `readfile` function or restricting access to the `id` parameter in the index.php file until a patch is available. Avoid using the `id` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** AnnonceV (aka annoncesV) version 1.1 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `page` parameter in the annonce.php file. **Recommendations** For AnnonceV (aka annoncesV) version 1.1, consider restricting access to the annonce.php file to minimize the risk of exploitation. Avoid using the `page` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GrapAgenda versions 0.11 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via the `page` parameter in `index.php` when `register globals` is enabled. **Recommendations** For GrapAgenda versions 0.11 and earlier, consider disabling the `register globals` setting to prevent exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SOLMETRA SPAW Editor versions 1.0.6 through 1.0.7 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `spaw dir` parameter in various scripts, including "a.php", "collorpicker.php", "img.php", "img library.php", "table.php", or "td.php". **Recommendations** For versions 1.0.6 and 1.0.7, consider restricting access to the `spaw dir` parameter in the affected scripts to minimize the risk of exploitation. As a temporary workaround, consider disabling the execution of PHP code in the dialogs/scripts until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Knusperleicht Faq version 1.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `faq path` parameter in the index.php file. **Recommendations** For Knusperleicht Faq version 1.0, avoid using the `faq path` parameter in the index.php file until the issue is resolved. Consider restricting access to the index.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Knusperleicht Guestbook version 3.5 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `GB PATH` parameter in the index.php file. **Recommendations** For Knusperleicht Guestbook version 3.5, consider restricting access to the `GB PATH` parameter in the index.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the `GB PATH` parameter until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Savant2 (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig absolute path` parameter in multiple Savant2 plugin files. This could potentially affect devices using Savant2, possibly in conjunction with the com mtree component for Mambo and Joomla!. **Recommendations** As a temporary workaround, consider disabling the `mosConfig absolute path` parameter in the affected Savant2 plugin files until a patch is available. Restrict access to the Savant2 plugin files to minimize the risk of exploitation. Avoid using the `mosConfig absolute path` parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SiteBar versions 3.3.8 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `command` parameter in the "command.php" file. This could potentially lead to unauthorized actions on the affected system. **Recommendations** For SiteBar versions 3.3.8 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MF Piadas version 1.0 **Description** A remote file inclusion issue in the admin/admin.php file allows remote attackers to execute arbitrary PHP code via the `page` parameter. This can also lead to cross-site scripting, likely due to the inclusion of HTML or script files. **Recommendations** For MF Piadas version 1.0, consider restricting access to the `admin/admin.php` file and validating the `page` parameter to prevent remote file inclusion until a patch is available. As a temporary workaround, avoid using the `page` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHP iCalendar versions 2.22 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `cal` parameter in the rss/index.php file. This could potentially lead to unauthorized actions on the affected system. **Recommendations** For PHP iCalendar versions 2.22 and earlier, update to a version later than 2.22 to resolve the issue. As a temporary workaround, consider restricting access to the rss/index.php file to minimize the risk of exploitation. Avoid using the `cal` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Teake Nutma Foing versions 0.2.0 through 0.7.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `phpbb root path` parameter in various PHP files, including "index.php", "song.php", "faq.php", "list.php", "gen m3u.php", and "playlist.php". **Recommendations** For Teake Nutma Foing versions 0.2.0 through 0.7.0, consider restricting access to the `phpbb root path` parameter in the affected PHP files until a patch is available. As a temporary workaround, avoid using the `phpbb root path` parameter in the affected API endpoints, such as "index.php", "song.php", "faq.php", "list.php", "gen m3u.php", and "playlist.php", to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SpiffyJr phpRaid versions 2.9.5 through 3.0.b3 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in specific parameters when certain portals are enabled. This can be achieved through the `phpbb root path` parameter in (1) auth.php and (2) auth phpbb when the phpBB portal is enabled, and via the `smf root path` parameter in (3) auth.php and (4) auth SMF when the SMF portal is enabled. **Recommendations** For SpiffyJr phpRaid versions 2.9.5 through 3.0.b3, consider disabling the phpBB and SMF portals until a patch is available to prevent exploitation. Restrict access to the auth.php and auth phpbb/auth SMF files to minimize the risk of arbitrary PHP code execution. Avoid using the `phpbb root path` and `smf root path` parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Artmedic Event (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary code via a URL in the `page` parameter in the `event/index.php` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wingnut EasyGallery (affected versions not specified) **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `ordner` parameter in EasyGallery.php. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ContentBoxX (affected versions not specified) **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `action` parameter in the "login.php" file. **Recommendations** For ContentBoxX, consider restricting access to the vulnerable "login.php" file until a patch is available. As a temporary workaround, avoid using the `action` parameter in the login.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** myWebland myEvent versions 1.2 through 1.4 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `myevent path` parameter in event.php and initialize.php. **Recommendations** For versions 1.2 through 1.4, consider restricting access to the `myevent path` parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the `myevent path` parameter in event.php and initialize.php until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** phpLister version 0.4.1 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This allows remote attackers to inject arbitrary web script or HTML via the `page` parameter in index.php. **Recommendations** For version 0.4.1, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the `page` parameter in the index.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** phpFaber TopSites (affected versions not specified) **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `page` parameter in the "index.php" file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Calendarix (affected versions not specified) **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `ycyear` parameter in the yearcal.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Conftool version 1.1 Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `page` parameter in the index.php file. Recommendations: For Conftool version 1.1, update the index.php file to properly sanitize the `page` parameter to prevent XSS attacks.