Xcross87

**Name of the Vulnerable Software and Affected Versions** PHP F1 Max's File Uploader (affected versions not specified) **Description** The issue concerns an unrestricted file upload vulnerability. This allows remote attackers to upload and execute arbitrary PHP files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Article Dashboard (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `user` or `password` fields in the admin/login.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** eLouai's Force Download of media files script versions 20071030 and earlier **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files via the `file` parameter in the "downloadfile.php" script. This issue is notable in environments where the system administrator has not followed vendor recommendations to use the product only internally. **Recommendations** For versions 20071030 and earlier, consider restricting access to the "downloadfile.php" script until a fix is available, and ensure the product is used only internally as recommended by the vendor.

**Name of the Vulnerable Software and Affected Versions** SeeBlick version 1.0 Beta **Description** The issue concerns an unrestricted file upload vulnerability in the upload.php file. This allows remote attackers to upload arbitrary files, which are stored with .html extensions. The scope of the attack might be limited to resource consumption and possibly cross-site scripting (XSS). **Recommendations** For SeeBlick version 1.0 Beta, consider restricting or disabling the upload functionality in upload.php until a proper fix is available to prevent arbitrary file uploads. As a temporary workaround, restrict access to the upload.php file to minimize the risk of exploitation.