Lotfree

Name of the Vulnerable Software and Affected Versions: Game Maker 2k Internet Discussion Boards (iDB) version 0.2.5 Pre-Alpha SVN 243 Description: The issue allows remote attackers to include and execute arbitrary local files. This is achieved by exploiting a directory traversal vulnerability in the inc/profilemain.php file. The vulnerability can be triggered by sending a settings action to profile.php with a .. (dot dot) in the `skin` parameter. Recommendations: For Game Maker 2k Internet Discussion Boards (iDB) version 0.2.5 Pre-Alpha SVN 243, consider restricting access to the `skin` parameter in the profile.php settings action to minimize the risk of exploitation. As a temporary workaround, restrict the ability to include and execute arbitrary local files via the inc/profilemain.php file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SoftBB version 0.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `mail` parameter in the 'reg.php' file. **Recommendations** For SoftBB version 0.1, consider restricting access to the 'reg.php' file or validating and sanitizing the `mail` parameter to prevent SQL injection attacks. As a temporary workaround, avoid using the `mail` parameter in the 'reg.php' file until a patch is available.