Inc0Mp13Te

#18789 of 53,633
14.3 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2010-3358
6.8
2010-05-04
Joomla · Archery Scores · CVE-2010-1718
**Name of the Vulnerable Software and Affected Versions**
Archery Scores (com_archeryscores) version 1.0.6 for Joomla!

**Description**
The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `controller` parameter to "index.php".

**Recommendations**
For Archery Scores (com_archeryscores) version 1.0.6, consider restricting access to the "index.php" endpoint to minimize the risk of exploitation. Avoid using the `controller` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2010-3313
7.5
2010-04-30
Open Source Matters · Joomla! · CVE-2010-1653
**Name of the Vulnerable Software and Affected Versions**
Joomla! component Graphics (com_graphics) versions 1.0.6 and 1.5.0

**Description**
The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `controller` parameter to "index.php".

**Recommendations**
For versions 1.0.6 and 1.5.0, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the "graphics.php" file in the Graphics component until a patch is available.