R@1D3N

**Name of the Vulnerable Software and Affected Versions** Fast Click SQL Lite versions 1.1.3 and earlier **Description** A remote file inclusion issue in show.php allows remote attackers to execute arbitrary PHP code via a URL in the `path` parameter. **Recommendations** For Fast Click SQL Lite versions 1.1.3 and earlier, update to a version later than 1.1.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** FtrainSoft Fast Click versions 2.3.8 and earlier **Description** A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the `path` parameter to (1) "show.php" or (2) "top.php" API endpoints. **Recommendations** For FtrainSoft Fast Click versions 2.3.8 and earlier, consider disabling access to the `show.php` and `top.php` endpoints until a patch is available. Restrict the use of the `path` parameter in these endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Land Down Under (LDU) versions 802 and earlier **Description** The issue allows remote attackers to obtain sensitive information via an invalid `month` or `year` parameter in the plug.php file. This is achieved by revealing the path in an error message when an invalid parameter is provided. **Recommendations** For versions 802 and earlier, as a temporary workaround, consider restricting access to the plug.php file until a patch is available. Avoid using the `month` and `year` parameters in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NextAge Shopping Cart (affected versions not specified) **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `username` and `password` parameters in the myadmin/index.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FarsiNews versions 2.5.3 and earlier **Description** A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `selected search arch` parameter in the "search.php" file. **Recommendations** For FarsiNews versions 2.5.3 and earlier, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** FarsiNews versions 2.5.3 and earlier **Description** A directory traversal issue allows remote attackers to obtain the installation path by using ".." sequences in the `archive` parameter to "index.php", which leaks the full pathname in an error message. **Recommendations** For FarsiNews versions 2.5.3 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.