
Srsec

#15351 of 53,630
17.6 total CVSS
Vulnerabilities · 2
High: 1
Critical: 1
PT-2023-12116
7.8
2023-05-08
Mblog · Mblog · CVE-2021-27280
**Name of the Vulnerable Software and Affected Versions** mblog version 3.5.0

**Description** An OS command injection vulnerability allows attackers to execute arbitrary code via a crafted theme when that theme is selected.

**Recommendations** For mblog version 3.5.0, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2019-12855
9.8
2019-06-02
Douphp · Douphp · CVE-2019-12564
**Name of the Vulnerable Software and Affected Versions** DouPHP version 1.5 Release 20190516

**Description** The issue allows remote attackers to view the database backup file by brute-force guessing filenames in the format data/backup/DyyyymmddThhmmss.sql.

**Recommendations** For DouPHP version 1.5 Release 20190516, consider restricting access to the backup files in the data/backup directory to prevent unauthorized viewing.