Futomi

**Name of the Vulnerable Software and Affected Versions** futomi MP Form Mail CGI Professional Edition versions 3.2.3 and earlier **Description** A directory traversal issue allows remote authenticated administrators to read arbitrary files. The estimated number of potentially affected devices worldwide is not specified. Details about real-world incidents where this issue was exploited are not provided. **Recommendations** For versions 3.2.3 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** futomi CGI Cafe MP Form Mail CGI eCommerce versions prior to 2.0.12 **Description** The issue allows remote attackers to execute arbitrary Perl code. **Recommendations** For versions prior to 2.0.12, update to version 2.0.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** futomi's CGI Cafe Access Analyzer CGI Professional versions 4.11.5 and earlier **Description** The issue allows remote attackers to gain administrative privileges. The exact vectors used for the attack are not specified. **Recommendations** For versions 4.11.5 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Futomi's CGI Cafe MP Form Mail CGI eCommerce versions 1.3.0 and earlier Futomi's CGI Professional versions 3.2.2 and earlier **Description** The issue allows remote attackers to gain administrative privileges. The attack vectors are unknown. **Recommendations** For Futomi's CGI Cafe MP Form Mail CGI eCommerce versions 1.3.0 and earlier, update to a version later than 1.3.0. For Futomi's CGI Professional versions 3.2.2 and earlier, update to a version later than 3.2.2.

**Name of the Vulnerable Software and Affected Versions** futomi's CGI Cafe Access Analyzer CGI Standard versions 3.8.1 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions 3.8.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CGI Cafe Fulltext search CGI version 1.1.2 **Description** The issue allows remote attackers to gain administrative privileges. The exact vectors used for the attack are not specified. **Recommendations** For version 1.1.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.