Morinex

**Name of the Vulnerable Software and Affected Versions** PCXP/TOPPE CMS (affected versions not specified) **Description** The issue allows remote attackers to bypass authentication and gain privileges. This is achieved by modifying the cookie to match the target `userid`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PCXP/TOPPE CMS (affected versions not specified) **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `msg` variable. This can occur in the pm.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ultimate PHP Board (UPB) versions 1.8 through 1.9.6 **Description** The issue allows remote attackers to read sensitive data. This is possibly due to a SQL injection vulnerability, where the `postorder` parameter is not properly handled by `textdb.inc.php` in `viewforum.php`. **Recommendations** For Ultimate PHP Board (UPB) versions 1.8 through 1.9.6, consider restricting access to the `viewforum.php` page until a proper fix is applied, and avoid using the `postorder` parameter in this context to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ultimate PHP Board (UPB) versions 1.8 through 1.9.6 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `postorder` parameter in the viewforum.php file. **Recommendations** For Ultimate PHP Board (UPB) versions 1.8 through 1.9.6, consider updating to a version that fixes this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ultimate PHP Board (UPB) versions 1.8 through 1.9.6 **Description** The issue allows remote attackers to obtain sensitive information. This is achieved by providing an invalid `id` or possibly `postorder` parameter to the `viewforum.php` file, which reveals the path in an error message when a file cannot be opened. **Recommendations** For Ultimate PHP Board (UPB) versions 1.8 through 1.9.6, consider restricting access to the `viewforum.php` file until a fix is available, or avoid using invalid `id` or `postorder` parameters to prevent information disclosure.

**Name of the Vulnerable Software and Affected Versions** DirectTopics versions 2.1 through 2.2 **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script via a javascript: URL in a thread or an IMG tag. **Recommendations** For versions 2.1 and 2.2, update to a version that contains a fix for this issue to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** DirectTopics versions 2.1 through 2.2 **Description** The issue allows remote attackers to obtain sensitive information via an invalid `topic` parameter. This is achieved by revealing the path in an error message when the invalid parameter is used. **Recommendations** For DirectTopics versions 2.1 through 2.2, consider restricting access to the topic.php file to minimize the risk of exploitation. As a temporary workaround, avoid using invalid topic parameters in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DirectTopics versions 2.1 through 2.2 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `topic` parameter in the "topic.php" file. **Recommendations** For versions 2.1 and 2.2, update to a version that includes a fix for this issue, as using the `topic` parameter in the "topic.php" file can lead to arbitrary SQL command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.