Romancyxhacker

**Name of the Vulnerable Software and Affected Versions** Arab Portal version 2.2 **Description** The issue concerns SQL injection vulnerabilities in the admin/aclass/admin func.php file. Remote attackers can execute arbitrary SQL commands by manipulating the (1) X-Forwarded-For or (2) Client-IP HTTP header in a request to the default URI under admin/. **Recommendations** For Arab Portal version 2.2, consider restricting access to the admin/aclass/admin func.php file until a patch is available. As a temporary workaround, avoid using the `X-Forwarded-For` and `Client-IP` HTTP headers in requests to the default URI under admin/.

**Name of the Vulnerable Software and Affected Versions** Anantasoft Gazelle CMS version 1.0 **Description** The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the `/admin/editor/filemanager/browser.html` endpoint, and then accessing it via a direct request to the file in `user/File/`. This is due to an unrestricted file upload vulnerability. **Recommendations** For Anantasoft Gazelle CMS version 1.0, restrict access to the `browser.html` file in the `admin/editor/filemanager` directory to prevent unauthorized file uploads. As a temporary workaround, consider disabling the file upload functionality in the `browser.html` file until a patch is available.

Name of the Vulnerable Software and Affected Versions: Ve-EDIT version 0.1.4 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `highlighter` parameter in the editor/edit htmlarea.php file. Recommendations: For Ve-EDIT version 0.1.4, consider restricting access to the editor/edit htmlarea.php file to minimize the risk of exploitation. Avoid using the `highlighter` parameter in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kipper version 2.01 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `charm` parameter in the default.php file. **Recommendations** For Kipper version 2.01, avoid using the `charm` parameter in the default.php file until a fix is available. As a temporary workaround, consider validating and sanitizing user input for the `charm` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Kipper version 2.01 **Description** The issue allows remote attackers to download a file containing credentials via a direct request for "job/config.data". This is due to insufficient access control of sensitive information stored under the web root. **Recommendations** For version 2.01, restrict access to the "job/config.data" file to prevent unauthorized downloads. Consider implementing proper access controls for sensitive information stored under the web root.

**Name of the Vulnerable Software and Affected Versions** AdaptCMS Lite version 1.4 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `sitepath` parameter in the plugins/rss importer functions.php file. **Recommendations** For AdaptCMS Lite version 1.4, consider restricting access to the vulnerable `rss importer functions.php` file until a patch is available. Avoid using the `sitepath` parameter in the affected plugin to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SnippetMaster version 2.2.2 **Description** The issue allows remote attackers to execute arbitrary PHP code. This is possible due to multiple PHP remote file inclusion vulnerabilities when register globals is enabled. The vulnerabilities can be exploited via a URL in the (1) ` SESSION[SCRIPT PATH]` parameter to "includes/vars.inc.php" and the (2) `g pcltar lib dir` parameter to "includes/tar lib/pcltar.lib.php". **Recommendations** For SnippetMaster version 2.2.2, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the includes/vars.inc.php and includes/tar lib/pcltar.lib.php files to minimize the risk of arbitrary PHP code execution. Avoid using the ` SESSION[SCRIPT PATH]` and `g pcltar lib dir` parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SnippetMaster Webpage Editor version 2.2.2 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `language` parameter in the index.php file. **Recommendations** For SnippetMaster Webpage Editor version 2.2.2, as a temporary workaround, consider restricting access to the index.php file until a patch is available. Avoid using the `language` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AdaptCMS Lite version 1.4 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `url` and `acuparam` parameters, and the URI. This can lead to the execution of malicious scripts on the client-side. **Recommendations** For AdaptCMS Lite version 1.4, as a temporary workaround, consider restricting access to the `index.php` file until a patch is available. Avoid using the `url` and `acuparam` parameters in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MODx CMS versions 0.9.6.2 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code when magic quotes gpc is disabled. This is achieved via a URL in the `reflect base` parameter. **Recommendations** For MODx CMS versions 0.9.6.2 and earlier, consider disabling the reflect snippet or restricting access to the assets/snippets/reflect/snippet.reflect.php file until a patch is available. Additionally, enabling magic quotes gpc can help mitigate this issue.

**Name of the Vulnerable Software and Affected Versions** MODx CMS versions 0.9.6.2 and earlier **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via a JavaScript event in the `username` field. This might be related to snippet.ditto.php. **Recommendations** For MODx CMS versions 0.9.6.2 and earlier, update to a version later than 0.9.6.2 to resolve the issue. As a temporary workaround, consider restricting input in the `username` field to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Belong Software Site Builder version 0.1 beta **Description** The issue allows remote attackers to bypass intended access restrictions and perform administrative actions. This is achieved via a direct request to the "admin/home.php" endpoint. **Recommendations** For Belong Software Site Builder version 0.1 beta, consider restricting access to the "admin/home.php" endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** JnSHosts PHP Hosting Directory version 2.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `rd` parameter in the include/admin.php file. **Recommendations** For JnSHosts PHP Hosting Directory version 2.0, consider restricting access to the include/admin.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the `rd` parameter in the affected URL until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: BoonEx Ray version 3.5 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `sIncPath` parameter in the modules/global/inc/content.inc.php file when register globals is enabled. Recommendations: For BoonEx Ray version 3.5, consider disabling the register globals setting to prevent exploitation until a patch is available. Restrict access to the modules/global/inc/content.inc.php file to minimize the risk of exploitation. Avoid using the `sIncPath` parameter in affected API endpoints until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: BoonEx Dolphin version 6.1.2 Description: The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This can be achieved via a URL in the `dir[plugins]` parameter to HTMLSax3.php and safehtml.php in plugins/safehtml/, and the `sIncPath` parameter to ray/modules/global/inc/content.inc.php. Recommendations: For BoonEx Dolphin version 6.1.2, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the `dir[plugins]` and `sIncPath` parameters in the affected files until a patch is available. Avoid using these parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Contenido CMS version 4.8.4 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in several parameters, including the `contenido path` parameter to `contenido/backend search.php`, the `cfg[path][contenido]` parameter to multiple files in `contenido/cronjobs/`, the `cfg[path][templates]` parameter to files in `contenido/`, and the `cfg[templates][right top blank]` parameter to files in `contenido/`. This can be achieved by manipulating specific API endpoints, such as `(a) contenido/backend search.php`, `(b) move articles.php`, `(c) move old stats.php`, `(d) optimize database.php`, `(e) run newsletter job.php`, `(f) send reminder.php`, `(g) session cleanup.php`, and `(h) setfrontenduserstate.php` in `contenido/cronjobs/`, and `(i) includes/include.newsletter jobs subnav.php` and `(j) plugins/content allocation/includes/include.right top.php` in `contenido/`. The vulnerable parameters include `contenido path`, `cfg[path][contenido]`, `cfg[path][templates]`, and `cfg[templates][right top blank]`. **Recommendations** For Contenido CMS version 4.8.4, as a temporary workaround, consider disabling the `contenido/backend search.php` and other affected files until a patch is available. Restrict access to the vulnerable parameters `contenido path`, `cfg[path][contenido]`, `cfg[path][templates]`, and `cfg[templates][right top blank]` to minimize the risk of exploitation. Avoid using these parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SazCart version 1.5.1 Description: The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved via a URL in the ` saz[settings][site dir]` parameter to "layouts/default/header.saz.php" and the ` saz[settings][site url]` parameter to "admin/alayouts/default/pages/login.php". Recommendations: For SazCart version 1.5.1, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the "layouts/default/header.saz.php" and "admin/alayouts/default/pages/login.php" files until a patch is available. Avoid using the ` saz[settings][site dir]` and ` saz[settings][site url]` parameters in the affected files until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Interact Learning Community Environment Interact version 2.4.1 Description: The issue allows remote attackers to execute arbitrary PHP code via specific parameters when register globals is enabled. This can be achieved by manipulating the `CONFIG[LANGUAGE CPATH]` parameter in the "modules/forum/embedforum.php" endpoint and the `CONFIG[BASE PATH]` parameter in the "modules/scorm/lib.inc.php" endpoint. Recommendations: For Interact Learning Community Environment Interact version 2.4.1, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the `modules/forum/embedforum.php` and `modules/scorm/lib.inc.php` endpoints until a patch is available. Avoid using the `CONFIG[LANGUAGE CPATH]` and `CONFIG[BASE PATH]` parameters in these endpoints until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Cyberfolio version 7.12 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `rep` parameter in the `portfolio/commentaires/derniers commentaires.php` file when `register globals` is enabled. Recommendations: For Cyberfolio version 7.12, consider disabling the `register globals` setting to prevent exploitation. As a temporary workaround, restrict access to the `portfolio/commentaires/derniers commentaires.php` file until a patch is available. Avoid using the `rep` parameter in the affected file until the issue is resolved.

PHP remote file inclusion vulnerability in templates/header.php in CMS Faethon 2.2 Ultimate allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter, a different vulnerability than CVE-2006-5588 and CVE-2006-3185.