Steve M. Christey

**Name of the Vulnerable Software and Affected Versions** Madoa Poll version 1.1 **Description** The issue allows remote attackers to execute arbitrary PHP code. This is achieved through multiple PHP remote file inclusion vulnerabilities. The vulnerable API endpoints are "index.php", "vote.php", and "admin.php", which are accessible via the `Madoa` parameter. **Recommendations** For Madoa Poll version 1.1, consider disabling the `Madoa` parameter in the affected API endpoints "index.php", "vote.php", and "admin.php" as a temporary workaround until a patch is available. Restrict access to these endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jobline version 1.1.1 **Description** A remote file inclusion issue exists, allowing remote attackers to execute arbitrary code via a URL in the `mosConfig absolute path` parameter in the admin.jobline.php script. **Recommendations** For Jobline version 1.1.1, as a temporary workaround, consider restricting access to the `admin.jobline.php` script to minimize the risk of exploitation. Avoid using the `mosConfig absolute path` parameter in the affected script until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.