Igi

**Name of the Vulnerable Software and Affected Versions** ActiveCampaign KnowledgeBuilder version 2.2 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `visEdit root` parameter in the admin/e data/visEdit control.class.php file. **Recommendations** For ActiveCampaign KnowledgeBuilder version 2.2, consider restricting access to the `visEdit control.class.php` file until a patch is available. Avoid using the `visEdit root` parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FlushCMS versions 1.0.0-pre2 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `class path` parameter in the Include/editor/rich files/class.rich.php file. **Recommendations** For FlushCMS versions 1.0.0-pre2 and earlier, consider restricting access to the vulnerable class.rich.php file until a patch is available. Avoid using the `class path` parameter in the affected file to minimize the risk of exploitation.