Darklife

**Name of the Vulnerable Software and Affected Versions** Micronation Banking System version 1.5.0 **Description** The issue allows remote attackers to execute arbitrary PHP code. This is achieved by providing a URL in the `minsoft path` parameter to specific API endpoints, such as "utdb access.php" and "utgn message.php" in the utility/ directory. **Recommendations** For Micronation Banking System version 1.5.0, consider restricting access to the `utdb access.php` and `utgn message.php` files in the utility/ directory until a patch is available. Avoid using the `minsoft path` parameter in these API endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Agares Media ThemeSiteScript version 1.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `loadadminpage` parameter in the upload/admin/frontpage right.php file. **Recommendations** For Agares Media ThemeSiteScript version 1.0, consider restricting access to the upload/admin/frontpage right.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the `loadadminpage` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Concord Asset, Software, and Ticket system (CoAST) version 0.95 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `sections file` parameter. This can be exploited by sending a malicious URL to the vulnerable `header.php` file. **Recommendations** For version 0.95, consider restricting access to the `header.php` file or disabling the use of the `sections file` parameter until a patch is available. Avoid using the `sections file` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SezHoo version 0.1 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `IP` parameter in SezHooTabsAndActions.php. **Recommendations** For SezHoo version 0.1, consider restricting access to the SezHooTabsAndActions.php file to minimize the risk of exploitation. Avoid using the `IP` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PokerMax Poker League Tournament Script version 0.13 **Description** The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting the `ValidUserAdmin` cookie. **Recommendations** For PokerMax Poker League Tournament Script version 0.13, consider restricting access to administrative functions until a patch is available. As a temporary workaround, avoid using the `configure.php` file or restrict access to it to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.