
Lo$Er

#20430 of 53,633
12.5 CVSS total
Vulnerabilities · 2
Medium: 1
High: 1
PT-2009-4636
5.0
2009-06-23
Gravy Media · Gravy Media Photo Host · CVE-2009-2184
**Name of the Vulnerable Software and Affected Versions**
Gravy Media Photo Host version 1.0.8

**Description**
The issue allows remote attackers to read arbitrary files due to an absolute path traversal vulnerability in the forcedownload.php file. This is achieved by using an encoded "/" (slash) in the `file` parameter.

**Recommendations**
For Gravy Media Photo Host version 1.0.8, consider restricting access to the forcedownload.php file until a patch is available. As a temporary workaround, avoid using the `file` parameter in the affected API endpoint until the issue is resolved.
PT-2008-4946
7.5
2008-08-10
Unknown · Africa Be Gone · CVE-2008-3570
**Name of the Vulnerable Software and Affected Versions**
Africa Be Gone (ABG) version 1.0a

**Description**
The issue allows remote attackers to execute arbitrary PHP code via a URL in the `abg_path` parameter in the index.php file.

**Recommendations**
For Africa Be Gone (ABG) version 1.0a, avoid using the `abg_path` parameter in the index.php file until the issue is resolved. As a temporary workaround, consider restricting access to the index.php file to minimize the risk of exploitation.