Nuffsaid

**Name of the Vulnerable Software and Affected Versions** Aratix versions 0.2.2 beta 11 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved via a URL in the `current path` parameter. **Recommendations** For Aratix versions 0.2.2 beta 11 and earlier, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the inc/init.inc.php file to minimize the risk of arbitrary PHP code execution. Avoid using the `current path` parameter in URLs until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: MTCMS versions 2.0 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `ins file` parameter in the admin/admin settings.php file. Recommendations: For MTCMS versions 2.0 and earlier, consider restricting access to the admin/admin settings.php file and avoid using the `ins file` parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Irokez CMS versions 0.7.1 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in certain parameters when register globals is enabled. This is possible through the `GLOBALS[PTH][func]` parameter in "scripts/gallery.scr.php", the `GLOBALS[PTH][spaw]` parameter in "scripts/xtextarea.scr.php", and the `GLOBALS[PTH][classes]` parameter in several other scripts, including "sitemap.scr.php", "news.scr.php", "polls.scr.php", "rss.scr.php", "search.scr.php" in the scripts directory, and various files in the functions directory. Recommendations: For Irokez CMS versions 0.7.1 and earlier, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the vulnerable parameters `GLOBALS[PTH][func]`, `GLOBALS[PTH][spaw]`, and `GLOBALS[PTH][classes]` in the affected scripts until a patch is available. Avoid using these parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Jinzora Media Jukebox versions 2.7 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved by providing a URL in the `include path` parameter in several PHP files, including "popup.php", "rss.php", "ajax request.php", and "mediabroadcast.php". Recommendations: For Jinzora Media Jukebox versions 2.7 and earlier, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the vulnerable PHP files, specifically "popup.php", "rss.php", "ajax request.php", and "mediabroadcast.php", until a fix is available. Avoid using the `include path` parameter in these files until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Phpmymanga versions 0.8.1 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `actionsPage` or `formPage` parameters. This can be achieved by providing a malicious URL as the value for these parameters, potentially leading to code execution on the vulnerable system. Recommendations: For Phpmymanga versions 0.8.1 and earlier, as a temporary workaround, consider restricting access to the `template.php` file or disabling the use of the `actionsPage` and `formPage` parameters until a patch is available. Avoid using these parameters in URLs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Paristemi version 0.8.3 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `HTTP DOCUMENT ROOT` parameter in the buycd.php file. Recommendations: For Paristemi version 0.8.3, consider restricting access to the buycd.php file to minimize the risk of exploitation. Avoid using the `HTTP DOCUMENT ROOT` parameter in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: phpProfiles versions 3.1.2b and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `menu` parameter to various PHP files, including "include/body.inc.php" and "include/body admin.inc.php", or a URL in the `incpath` parameter to multiple files such as "index.inc.php", "account.inc.php", and others in the include/ directory. This can be achieved by manipulating the `menu` or `incpath` parameters to include malicious PHP code. Recommendations: For phpProfiles versions 3.1.2b and earlier, consider disabling the `menu` and `incpath` parameters in the affected PHP files until a patch is available. Restrict access to the include/ directory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: PowerClan versions 1.14a and earlier Description: The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved via a URL in the `settings[footer]` parameter. Recommendations: For PowerClan versions 1.14a and earlier, consider disabling the register globals setting to prevent exploitation until a patch is available. Restrict access to the footer.inc.php file to minimize the risk of arbitrary PHP code execution. Avoid using the `settings[footer]` parameter in URLs until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: PgmReloaded versions 0.8.5 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in the `lang` parameter to "index.php", the `CFG[libdir]` and `CFG[localedir]` parameters to "common.inc.php", and the `CFG[localelangdir]` parameter to "form header.php". Recommendations: For PgmReloaded versions 0.8.5 and earlier, consider disabling the `lang`, `CFG[libdir]`, `CFG[localedir]`, and `CFG[localelangdir]` parameters in the affected PHP files until a patch is available. Restrict access to the "index.php", "common.inc.php", and "form header.php" files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Azucar CMS version 1.3 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the ` VIEW` parameter in the `admin/index sitios.php` file. Recommendations: For Azucar CMS version 1.3, consider restricting access to the `admin/index sitios.php` file to minimize the risk of exploitation. Avoid using the ` VIEW` parameter in this file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Carsen Klock TextSend version 1.5 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `ROOT PATH` parameter in the sender.php file. Recommendations: For Carsen Klock TextSend version 1.5, consider restricting access to the `ROOT PATH` parameter in the sender.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpWebThings versions 1.5.2 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved via a URL in the `editor insert bottom` parameter. **Recommendations** For phpWebThings versions 1.5.2 and earlier, consider disabling the `register globals` setting to prevent exploitation until a patch is available. Additionally, restrict access to the `core/editor.php` file to minimize the risk of arbitrary PHP code execution. Avoid using the `editor insert bottom` parameter in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: SimpleChat version 1.0.0 Description: A static code injection issue exists, allowing remote attackers to inject arbitrary PHP code into chat log.php via the `msg` parameter in the chat panel.php file. Recommendations: For SimpleChat version 1.0.0, avoid using the `msg` parameter in the chat panel.php file until a fix is available. Consider restricting access to the chat log.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Modx CMS versions 0.9.2.1 and earlier Description: A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the `base path` parameter. This could potentially be related to a vulnerability in FCKeditor. Recommendations: For Modx CMS versions 0.9.2.1 and earlier, consider restricting access to the `manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php` file until a patch is available. As a temporary workaround, avoid using the `base path` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Segue CMS versions 1.5.8 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `themesdir` parameter when `register globals` is enabled. **Recommendations** For Segue CMS versions 1.5.8 and earlier, consider disabling the `register globals` setting to prevent exploitation until a patch is available. Restrict access to the `themes/program/themesettings.inc.php` file to minimize the risk of exploitation. Avoid using the `themesdir` parameter in URLs until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PHP Outburst Easynews versions 4.4.1 and earlier **Description** The issue allows remote attackers to bypass authentication and gain the ability to execute arbitrary code when the register globals setting is enabled. This is achieved via the `en login id` parameter. **Recommendations** For PHP Outburst Easynews versions 4.4.1 and earlier, disable the register globals setting to prevent exploitation. Additionally, consider restricting access to the admin.php file until a fix is available. As a temporary workaround, avoid using the `en login id` parameter in the affected admin.php file.

**Name of the Vulnerable Software and Affected Versions** ALiCE-CMS version 0.1 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `CONFIG[local root]` parameter in the modules/guestbook/index.php file. **Recommendations** For ALiCE-CMS version 0.1, avoid using the `CONFIG[local root]` parameter in the modules/guestbook/index.php file until the issue is resolved. Restrict access to the modules/guestbook/index.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** phpPowerCards version 2.10 **Description** The issue allows remote attackers to create or overwrite arbitrary files via several parameters when register globals is enabled. The vulnerable parameters include `email[to]`, `email[from]`, `name[to]`, `name[from]`, `picture`, `comment`, and `sessionID`. This can be exploited to create a new .php file that permits remote file inclusion. **Recommendations** For phpPowerCards version 2.10, disable the register globals setting to prevent exploitation. Additionally, restrict access to the db/txt.inc.php file and consider validating and sanitizing user input for the `email[to]`, `email[from]`, `name[to]`, `name[from]`, `picture`, `comment`, and `sessionID` parameters to minimize the risk of arbitrary file creation or overwrite.