R3D.W0Rm

**Name of the Vulnerable Software and Affected Versions** Lanai Core version 0.6 **Description** The issue allows remote attackers to obtain configuration information by making a direct request to "info.php", which calls the `phpinfo()` function. **Recommendations** For Lanai Core version 0.6, consider removing or restricting access to the "info.php" file to prevent unauthorized disclosure of configuration information.

**Name of the Vulnerable Software and Affected Versions** Lanai Core version 0.6 **Description** The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability. This is achieved by using a .. (dot dot) in the `f` parameter of the /modules/backup/download.php endpoint. **Recommendations** For Lanai Core version 0.6, consider restricting access to the download.php module to minimize the risk of exploitation. Avoid using the `f` parameter in the /modules/backup/download.php endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Greenwood PHP Content Manager version 0.3.2 **Description** A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `content path` parameter. **Recommendations** For version 0.3.2, consider restricting access to the `include/processor.php` file until a patch is available. As a temporary workaround, avoid using the `content path` parameter with untrusted input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Phenotype CMS versions prior to 2.9 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `user` parameter, also referred to as the login name, in the ` phenotype/admin/login.php` file. **Recommendations** For versions prior to 2.9, update to version 2.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PHPGenealogy version 2.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `DataDirectory` parameter. This is a result of a remote file inclusion vulnerability in CoupleDB.php. **Recommendations** For PHPGenealogy version 2.0, consider restricting access to the `DataDirectory` parameter to minimize the risk of exploitation. Avoid using the `DataDirectory` parameter with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** cP Creator version 2.7.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `tickets` parameter in a support ticket action when `magic quotes gpc` is disabled. **Recommendations** For cP Creator version 2.7.1, consider disabling the support ticket action or restricting access to it until a fix is available. Additionally, enabling `magic quotes gpc` can mitigate the risk of exploitation. Avoid using the `tickets` parameter in the affected action until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PHP-Fusion E-Cart module version 1.3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `CA` parameter in the items.php file. **Recommendations** For PHP-Fusion E-Cart module version 1.3, consider restricting access to the items.php file or the `CA` parameter to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PHP-Fusion Members CV (job) module version 1.0 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is possible due to a SQL injection vulnerability in the members.php file when the magic quotes gpc setting is disabled. The vulnerability can be exploited via the `sortby` parameter. **Recommendations** For PHP-Fusion Members CV (job) module version 1.0, consider disabling the `sortby` parameter in the members.php file until a patch is available. Additionally, enabling magic quotes gpc can help mitigate this issue.

Name of the Vulnerable Software and Affected Versions: ASP-CMS version 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cha` parameter in the index.asp file. Recommendations: For ASP-CMS version 1.0, avoid using the `cha` parameter in the index.asp file until a fix is available. Consider restricting access to the index.asp file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Asp Project Management version 1.0 **Description** The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting the `crypt` cookie to 1, effectively allowing unauthorized access to administrative functions. **Recommendations** For Asp Project Management version 1.0, as a temporary workaround, consider restricting access to administrative functions until a patch is available. Avoid using the `crypt` cookie or set it to a value other than 1 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! Mydyngallery component version 1.4.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the directory parameter to the "index.php" API endpoint. The `directory` parameter is vulnerable, allowing attackers to inject malicious SQL code. **Recommendations** For version 1.4.2, consider restricting access to the "index.php" endpoint until a patch is available. As a temporary workaround, avoid using the `directory` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Facto (affected versions not specified) **Description** The issue allows remote attackers to download a database file containing passwords due to insufficient access control. This can be achieved by making a direct request for the database file, specifically 'database/facto.mdb'. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Arab Portal version 2.1 **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the `file` parameter, in conjunction with a `show` action. **Recommendations** For Arab Portal version 2.1, consider restricting access to the `mod.php` file until a patch is available. As a temporary workaround, avoid using the `file` parameter with a `show` action in the `mod.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Team Impact TI Blog System mod for PHP-Fusion (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in the `blog.php` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.