Olibekas

**Name of the Vulnerable Software and Affected Versions** Mail2Forum versions 1.2 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `m2f root path` parameter to various PHP files, including "m2f/m2f phpbb204.php", "m2f/m2f forum.php", "m2f/m2f mailinglist.php", and "m2f/m2f cron.php". **Recommendations** For Mail2Forum versions 1.2 and earlier, consider disabling the `m2f root path` parameter until a patch is available to prevent remote file inclusion attacks. Restrict access to the affected PHP files to minimize the risk of exploitation. Avoid using the `m2f root path` parameter in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WonderEdit Pro CMS (affected versions not specified) **Description** A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via the `config[template path]` parameter in "user bottom.php", affecting multiple templates. **Recommendations** For WonderEdit Pro CMS, as a temporary workaround, consider restricting access to the "user bottom.php" file and the `config[template path]` parameter until a patch is available. Avoid using the `config[template path]` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Randshop version 1.1.1 **Description** The issue allows remote attackers to execute arbitrary PHP code via the `dateiPfad` parameter in the includes/header.inc.php file. **Recommendations** For Randshop version 1.1.1, consider restricting access to the `dateiPfad` parameter in the includes/header.inc.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpMyDirectory versions 10.4.4 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `ROOT PATH` parameter in the cron.php file. **Recommendations** For phpMyDirectory versions 10.4.4 and earlier, update to a version later than 10.4.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Squirrelcart versions 2.2.2 and earlier **Description** A remote file inclusion issue allows attackers to execute arbitrary PHP code via a URL in the `cart isp root` parameter in the cart content.php file. **Recommendations** For Squirrelcart versions 2.2.2 and earlier, update to a version later than 2.2.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ezUserManager versions 1.6 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is done via a URL in the `ezUserManager Path` parameter to "ezusermanager pwd forgott.php", possibly due to an issue in "ezusermanager core.inc.php". **Recommendations** For ezUserManager versions 1.6 and earlier, consider disabling the `register globals` setting to prevent exploitation. Additionally, restrict access to the "ezusermanager pwd forgott.php" script and the `ezUserManager Path` parameter until a fix is available.

**Name of the Vulnerable Software and Affected Versions** EQdkp versions 1.3.0 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `eqdkp root path` parameter. This is a result of a remote file inclusion vulnerability in the includes/dbal.php file. **Recommendations** For EQdkp versions 1.3.0 and earlier, as a temporary workaround, consider restricting access to the `eqdkp root path` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.