Root3R_H3Ll

**Name of the Vulnerable Software and Affected Versions** Exporia version 0.3.0 **Description** A remote file inclusion issue in common.php allows remote attackers to execute arbitrary PHP code via a URL in the `lan` parameter. However, it's noted that further analysis by SecurityFocus disputes this issue, stating the application is not vulnerable. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenConcept Back-End version 0.4.5 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `includes path` parameter in several PHP files, including "admin/index.php", "Facts.php", and "search.php". **Recommendations** For OpenConcept Back-End version 0.4.5, consider restricting access to the `includes path` parameter in the affected PHP files until a patch is available. As a temporary workaround, avoid using the `includes path` parameter in the API endpoints "admin/index.php", "Facts.php", and "search.php" to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MyPhotos version 0.1.3b beta **Description** A remote file inclusion issue in index.php allows remote attackers to execute arbitrary PHP code via the `includesdir` parameter. **Recommendations** For MyPhotos version 0.1.3b beta, as a temporary workaround, consider restricting access to the `includesdir` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WWWthreads versions 5.4.2 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `Cat` parameter to various API endpoints, including "dosearch.php", "postlist.php", "showmembers.php", "faq english.php", "online.php", "login.php", "newuser.php", "wwwthreads.php", "search.php". This can lead to cross-site scripting (XSS) attacks. **Recommendations** For WWWthreads versions 5.4.2 and earlier, consider disabling access to the vulnerable API endpoints until a patch is available. Restrict input for the `Cat` parameter in the affected endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHP System Administration Toolkit (PHPSaTK) (affected versions not specified) **Description** A remote file inclusion issue in the loader.php file of PHPSaTK allows remote attackers to execute arbitrary PHP code via a URL in the `config` parameter of the `GLOBALS` array. However, it is noted that the `GLOBALS[config]` variable is initialized before being used, which disputes the severity of this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.