Dj7Xpl

**Name of the Vulnerable Software and Affected Versions** UploadScript version 1.0 **Description** The issue allows remote attackers to gain administrator privileges due to a lack of original password verification when changing to a new password. This is achieved via the `pass` parameter in a 'nopass' (Set Password) action. **Recommendations** For UploadScript version 1.0, consider disabling the password change functionality until a patch is available to enforce original password checks before allowing changes to a new password. Restrict access to the admin.php script to minimize the risk of exploitation. Avoid using the `pass` parameter in the 'nopass' action for the time being.

**Name of the Vulnerable Software and Affected Versions** UploadImage version 1.0 **Description** The issue allows remote attackers to gain administrator privileges. This is due to the lack of original password verification when changing to a new password. The `pass` parameter in a 'nopass' (Set Password) action is vulnerable to exploitation. **Recommendations** For UploadImage version 1.0, consider disabling the password change functionality until a proper fix is implemented to require the original password for changes. Restrict access to the admin.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Neuron News version 1.0 **Description** The issue allows remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `q` parameter of the index.php file, enabling directory traversal. **Recommendations** For Neuron News version 1.0, consider restricting access to the `q` parameter in the index.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the `q` parameter with untrusted input until a patch is available.

Name of the Vulnerable Software and Affected Versions: phpFFL version 1.24 Description: The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the `PHPFFL FILE ROOT` parameter to specific API endpoints, such as "program files/livedraft/livedraft.php" or "program files/livedraft/admin.php". Recommendations: For phpFFL version 1.24, consider restricting access to the `livedraft.php` and `admin.php` files in the `program files/livedraft` directory to minimize the risk of exploitation. Avoid using the `PHPFFL FILE ROOT` parameter with untrusted input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** AV Tutorial Script (avtutorial) version 1.0 **Description** The issue allows remote attackers to change passwords for arbitrary users without requiring authentication or knowledge of the old password. This is achieved by modifying the `password` parameter in the "changePW.php" file. **Recommendations** For AV Tutorial Script (avtutorial) version 1.0, consider implementing authentication and old password verification requirements for the password change functionality in the "changePW.php" file to prevent unauthorized password changes. As a temporary workaround, restrict access to the "changePW.php" file until a proper fix is implemented.

**Name of the Vulnerable Software and Affected Versions** dreamLog (aka dreamblog) version 0.5 **Description** The issue concerns an unrestricted file upload vulnerability. This allows remote attackers to upload and execute arbitrary PHP code in the uploads/images/ directory via the `uploadedFile[]` parameter in the upload.php file. **Recommendations** For dreamLog (aka dreamblog) version 0.5, restrict access to the upload.php file to prevent arbitrary file uploads, and consider validating and sanitizing the `uploadedFile[]` parameter to prevent code execution.

**Name of the Vulnerable Software and Affected Versions** MiniBB version 2.0.5 **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the `language` parameter within a register action. **Recommendations** For MiniBB version 2.0.5, consider restricting access to the `language` parameter in the register action to prevent exploitation until a fix is available. As a temporary workaround, disabling the register action or limiting file access through the `index.php` file may help minimize the risk.

**Name of the Vulnerable Software and Affected Versions** NavBoard version 2.6.0 **Description** A direct static code injection issue exists, allowing remote attackers to inject arbitrary PHP code into data/config.php via multiple parameters. This is demonstrated through the `threadperpage` parameter in an `editconfig` action. **Recommendations** For NavBoard version 2.6.0, consider restricting access to the `admin config.php` file and avoid using the `threadperpage` parameter in the `editconfig` action until a patch is available. As a temporary workaround, restrict modifications to the `data/config.php` file to prevent arbitrary code injection.

**Name of the Vulnerable Software and Affected Versions** Snaps! Gallery version 1.4.4 **Description** The issue allows remote attackers to change arbitrary usernames and passwords. This is achieved via the `username`, or the `password` and `password2` parameters in an edit action. **Recommendations** For Snaps! Gallery version 1.4.4, avoid using the `username`, `password`, and `password2` parameters in the edit action until the issue is resolved. As a temporary workaround, consider restricting access to the Admin/users.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Monalbum version 0.8.7 **Description** The issue allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via various parameters in the admin/admin configuration.php script. The vulnerable parameters include `gadm pass`, `gadm user`, `gcfgHote`, `gcfgPass`, `gcfgUser`, `gclassement rep`, `gcontour`, `gfond`, `ggd version`, `ghome`, `ghor`, `gimg copyright`, `glangage`, `gmenu visible`, `gmini hasard`, `gordre rep`, `gpage`, `gracine`, `grech inactive`, `grep mini`, `grepertoire`, `gsite`, `gslide`, `gtitre`, `guse copyright`, `gversion`, `gvert`, or `gcfgBase`. **Recommendations** For Monalbum version 0.8.7, as a temporary workaround, consider restricting access to the admin/admin configuration.php script until a patch is available. Additionally, avoid using the vulnerable parameters in the script to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PhpFirstPost version 0.1 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `Include` parameter in the block.php file. **Recommendations** For PhpFirstPost version 0.1, consider restricting access to the block.php file to minimize the risk of exploitation. Avoid using the `Include` parameter in the block.php file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PinkCrow Designs Gallery or maGAZIn version 2.0 **Description** The issue allows remote attackers to read arbitrary files. This is achieved by exploiting a directory traversal vulnerability in the phpThumb.php file, where an attacker can use a .. (dot dot) in the `src` parameter to access files outside the intended directory. **Recommendations** For version 2.0, consider restricting access to the phpThumb.php file or the `src` parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the `src` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** R2K Gallery version 1.7 **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the `lang2` parameter of the galeria.php file. **Recommendations** For R2K Gallery version 1.7, consider restricting access to the galeria.php file until a patch is available, or avoid using the `lang2` parameter with untrusted input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Archangel Weblog version 0.90.02 **Description** The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the `index` parameter of the "index.php" file. **Recommendations** For Archangel Weblog version 0.90.02, update the index.php file to properly sanitize the `index` parameter to prevent directory traversal attacks.

**Name of the Vulnerable Software and Affected Versions** Treble Designs 1024 CMS version 0.7 **Description** The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability. This is achieved by using a .. (dot dot) in the `item` parameter of the includes/download.php file. **Recommendations** For version 0.7, consider restricting access to the includes/download.php file until a patch is available, or avoid using the `item` parameter with untrusted input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Motobit versions 1.3 through 1.5 **Description** The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the `File` parameter in the "download.asp" file. **Recommendations** For Motobit version 1.3, update to a version that fixes this issue. For Motobit version 1.5, update to a version that fixes this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Maran PHP Forum (affected versions not specified) **Description** The issue concerns an unrestricted file upload vulnerability. This allows remote attackers to upload and execute arbitrary PHP files. The vulnerability can be exploited by adding a trailing %00 in a filename in the `page` parameter of the `forum write.php` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** jchit counter version 1.0.0 **Description** The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the imgsrv.php file. This is achieved by using a .. (dot dot) in the `acc` parameter. **Recommendations** For version 1.0.0, consider restricting access to the imgsrv.php file or the `acc` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHP-Ring Webring System (aka uPHP ring website) version 0.9 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `ring` parameter in the index.php file. **Recommendations** For PHP-Ring Webring System (aka uPHP ring website) version 0.9, consider validating and sanitizing the `ring` parameter to prevent SQL injection attacks. As a temporary workaround, restrict access to the index.php file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Mozzers SubSystem version 1.0 **Description** A static code injection issue exists, allowing remote attackers to inject PHP code into subs.php via the `Sub-name` or `Sub-url` field in add.php. It is also possible to reach the add action through a request to index.php. **Recommendations** For Mozzers SubSystem version 1.0, consider disabling the add action in add.php to prevent exploitation until a fix is available. Restrict access to the `Sub-name` and `Sub-url` fields to minimize the risk of code injection.