Kw3[R]Ln

**Name of the Vulnerable Software and Affected Versions** XZero Community Classifieds versions 4.95.11 and earlier **Description** A remote file inclusion issue in config.inc.php allows remote attackers to execute arbitrary PHP code via a URL in the `path escape` parameter. **Recommendations** For versions 4.95.11 and earlier, update to a version later than 4.95.11 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** XZero Community Classifieds versions 4.95.11 and earlier **Description** A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `pagename` parameter in a page view action. **Recommendations** For versions 4.95.11 and earlier, update to a version later than 4.95.11 to resolve the issue. As a temporary workaround, consider restricting access to the `pagename` parameter in the page view action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FlashBB versions 1.1.8 and earlier **Description** The issue allows remote attackers to execute arbitrary code via a URL in the `phpbb root path` parameter in the phpbb/sendmsg.php file. **Recommendations** For FlashBB versions 1.1.8 and earlier, update to a version later than 1.1.8 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PHP Director versions 0.21 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the videos.php file. **Recommendations** For PHP Director versions 0.21 and earlier, avoid using the `id` parameter in the videos.php file until a fix is available. Consider restricting access to the videos.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHPDirector versions 0.21 and earlier **Description** The issue allows local users to gain privileges by reading the config.php file, which stores the admin account name and password. **Recommendations** For PHPDirector versions 0.21 and earlier, consider restricting access to the config.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SerWeb versions 0.9.6 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the ` SERWEB[serwebdir]` parameter in the `html/load lang.php` file. **Recommendations** For SerWeb versions 0.9.6 and earlier, consider restricting access to the `html/load lang.php` file until a patch is available. As a temporary workaround, avoid using the ` SERWEB[serwebdir]` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Powl version 0.94 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the ` POWL[installPath]` parameter in the `htmledit.php` file, which is part of the plugins/widgets/htmledit directory. **Recommendations** For Powl version 0.94, consider restricting access to the `htmledit.php` file until a patch is available, and avoid using the ` POWL[installPath]` parameter in the affected endpoint.

PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the LIB DIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205.

**Name of the Vulnerable Software and Affected Versions** miniBB module Keyword Replacer (keyword replacer) versions 1.0 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `pathToFiles` parameter in the addon keywords.php file. **Recommendations** For versions 1.0 and earlier, consider restricting access to the `addon keywords.php` file or the `pathToFiles` parameter to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PHPMyDesk version 1.0beta **Description** A directory traversal issue exists, allowing remote attackers to include arbitrary local files. This is achieved by manipulating the `pmdlang` parameter in the "viewticket.php" endpoint. **Recommendations** For PHPMyDesk version 1.0beta, as a temporary workaround, consider restricting access to the `viewticket.php` endpoint until a patch is available. Additionally, avoid using the `pmdlang` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Harpia CMS versions 1.0.5 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via specific parameters in various PHP files. This can be achieved by manipulating the following parameters: - `func prog` parameter in `preload.php` and `index.php` - `header prog` parameter in multiple files including `missing.php`, `email.php`, `files.php`, `headlines.php`, `search.php`, `topics.php`, and `users.php` in the ` mods/` directory - `theme root` parameter in `footer.php`, `header.php`, `pfooter.php`, and `pheader.php` in the ` inc` directory - `mod root` parameter in ` inc/header.php` - `mod dir` and `php ext` parameters in ` inc/web statsConfig.php` **Recommendations** For Harpia CMS versions 1.0.5 and earlier, consider disabling the `func prog`, `header prog`, `theme root`, `mod root`, `mod dir`, and `php ext` parameters in the respective files until a patch is available. Restrict access to the vulnerable PHP files in the ` mods/` and ` inc` directories to minimize the risk of exploitation. Avoid using these parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CentiPaid versions 1.4.2 and earlier **Description** The issue allows remote attackers to execute arbitrary code via a URL in the `absolute path` parameter in the centipaid class.php file. **Recommendations** For CentiPaid versions 1.4.2 and earlier, consider restricting access to the centipaid class.php file until a patch is available. Avoid using the `absolute path` parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VerliAdmin versions 0.3 and earlier **Description** The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `lang` cookie. This can be achieved by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php, but only when `magic quotes gpc` is disabled. **Recommendations** For VerliAdmin versions 0.3 and earlier, consider disabling the language.php file or restricting access to it until a patch is available. Additionally, enabling `magic quotes gpc` can mitigate this issue.

**Name of the Vulnerable Software and Affected Versions** osprey versions 1.0 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `lib dir` parameter. This is a result of a PHP remote file inclusion vulnerability in the lib/xml/oai/GetRecord.php file. **Recommendations** For osprey versions 1.0 and earlier, as a temporary workaround, consider restricting access to the `lib dir` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JumbaCMS version 0.0.1 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `jcms root path` parameter in the includes/functions.php file. **Recommendations** For JumbaCMS version 0.0.1, consider restricting access to the `jcms root path` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Genepi versions 1.6 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `topdir` parameter. This is a result of a remote file inclusion vulnerability in the genepi.php file. **Recommendations** For Genepi versions 1.6 and earlier, consider restricting access to the `genepi.php` file or the `topdir` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GeekLog version 1.4 **Description** The issue allows remote attackers to execute arbitrary code via a URL in the ` CONF[path]` parameter to various PHP files in the plugins/ directory, including links/functions.inc, polls/functions.inc, and multiple files within the spamx directory. **Recommendations** For GeekLog version 1.4, consider restricting access to the plugins/ directory and the specified PHP files until a patch is available. As a temporary workaround, avoid using the ` CONF[path]` parameter in the affected API endpoints. Restrict access to the vulnerable modules in the spamx directory to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: SourceForge (aka alexandria) version 1.0.4 Description: The issue allows remote attackers to execute arbitrary PHP code. This is achieved via the `sys dbtype` parameter in the include/database.php file. Recommendations: For version 1.0.4, avoid using the `sys dbtype` parameter in the include/database.php file until the issue is resolved. As a temporary workaround, consider restricting access to the include/database.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RSSonate (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `PROJECT ROOT` parameter to several PHP files, including `xml2rss.php`, `config local.php`, `rssonate.php`, and `sql2xml.php` in the `Src/getFeed/inc/` directory. This can be achieved by manipulating the URL to include malicious PHP code. **Recommendations** As a temporary workaround, consider restricting access to the `Src/getFeed/inc/` directory to minimize the risk of exploitation. Avoid using the `PROJECT ROOT` parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: EPNadmin versions 0.7 through 0.7.1 Description: The issue allows remote attackers to execute arbitrary PHP code via the `langage` parameter in the constantes.inc.php file. Recommendations: For EPNadmin versions 0.7 through 0.7.1, consider restricting access to the constantes.inc.php file to minimize the risk of exploitation. Avoid using the `langage` parameter in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.