Dr.Trojan

**Name of the Vulnerable Software and Affected Versions** CMSmelborp Beta **Description** A remote file inclusion issue in the includes/user standard.php file allows remote attackers to execute arbitrary PHP code via a URL in the `relative root` parameter. **Recommendations** For CMSmelborp Beta, consider restricting access to the `includes/user standard.php` file until a patch is available. As a temporary workaround, avoid using the `relative root` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Axiom Photo/News Gallery version 0.8.6 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `baseAxiomPath` parameter in the template.php file. **Recommendations** For version 0.8.6, avoid using the `baseAxiomPath` parameter in the template.php file until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Yrch! version 1.0 Description: A remote file inclusion issue exists in the plugins/metasearch/plug.inc.php file, allowing remote attackers to execute arbitrary PHP code via a URL in the `path` parameter. Recommendations: For Yrch! version 1.0, as a temporary workaround, consider restricting access to the `plug.inc.php` file in the `plugins/metasearch` directory until a patch is available. Avoid using the `path` parameter in the affected plugin until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Ciberia Content Federator version 1.0 Description: The issue allows remote attackers to execute arbitrary PHP code via the `path` parameter in the socios/maquetacion socio.php (members/maquetacion member.php) file. Recommendations: For Ciberia Content Federator version 1.0, consider restricting access to the `path` parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** yaplap versions 0.6 through 0.6.1 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `LOGIN style` parameter in the ldap.php file. **Recommendations** For yaplap versions 0.6 through 0.6.1, consider restricting access to the ldap.php file to minimize the risk of exploitation. Avoid using the `LOGIN style` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gizzar versions 03162002 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `basePath` parameter in the index.php file. This enables attackers to potentially compromise the system by injecting malicious code. **Recommendations** For Gizzar versions 03162002 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** awrate version 1.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `toroot` parameter to "search.php". **Recommendations** For awrate version 1.0, consider restricting access to the `search.php` endpoint or validating the `toroot` parameter to prevent remote file inclusion attacks until a patch is available.

**Name of the Vulnerable Software and Affected Versions** NukeAI version 0.0.3 Beta **Description** A direct static code injection issue allows remote attackers to upload and execute arbitrary PHP code. This is achieved by sending a filename with a .php extension in the `filename` parameter and malicious code in the `moreinfo` parameter. The code is saved to a file under the descriptions/ directory, which can be accessed directly. **Recommendations** For NukeAI version 0.0.3 Beta, consider restricting access to the util.php file and the descriptions/ directory to prevent exploitation. As a temporary workaround, avoid using the `filename` and `moreinfo` parameters in the affected module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** NukeAI version 0.0.3 Beta **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `AIbasedir` parameter in the modules/NukeAI/util.php file. This is related to a remote file inclusion vulnerability. **Recommendations** For NukeAI version 0.0.3 Beta, consider restricting access to the `util.php` file in the modules/NukeAI directory to minimize the risk of exploitation. Avoid using the `AIbasedir` parameter in the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** e-Ark version 1.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `cfg pear path` parameter in the src/ark inc.php file. **Recommendations** For e-Ark version 1.0, consider restricting access to the `cfg pear path` parameter to minimize the risk of exploitation. Avoid using the `cfg pear path` parameter with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.