Ibnusina

Researcher from hitamputih Crew
#13147 of 53,635
20.1 CVSS total
Vulnerabilities · 3
Medium: 1
High: 2
PT-2007-1666
7.5
2007-01-11
Unknown · Magic Photo Storage Website · CVE-2007-0182
**Name of the Vulnerable Software and Affected Versions**

Magic Photo Storage Website (affected versions not specified)

**Description**

The issue allows remote attackers to execute arbitrary PHP code via a URL in the ` config[site path]` parameter to various PHP files.

This includes files such as `admin password.php`, `add welcome text.php`, `admin email.php`, `add templates.php`, `admin paypal email.php`, `approve member.php`, `delete member.php`, `index.php`, `list members.php`, `membership pricing.php`, and `send email.php` in the `admin/` directory.

Additionally, it affects `config.php` and `db config.php` in the `include/` directory, as well as multiple files in the `user/` directory, including `add category.php`, `add news.php`, `change catalog template.php`, `couple milestone.php`, `couple profile.php`, `delete category.php`, `index.php`, `login.php`, `logout.php`, `register.php`, `upload photo.php`, `user catelog password.php`, `user email.php`, `user extend.php`, and `user membership password.php`.

**Recommendations**

As a temporary workaround, consider disabling the ` config[site path]` parameter until a patch is available. Restrict access to the affected PHP files to minimize the risk of exploitation. Avoid using the ` config[site path]` parameter in the affected API endpoints until the issue is resolved.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.