Alkomandoz Hacker

**Name of the Vulnerable Software and Affected Versions** teatro version 1.6 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `basePath` parameter in the pub/pub08 comments.php file. **Recommendations** For teatro version 1.6, consider restricting access to the `basePath` parameter in the pub/pub08 comments.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the `basePath` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Build it Fast (bif3) version 0.4.1 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `pear dir` parameter to Base/Application.php, or the `sys dir` parameter to various PHP files in the Widgets/Base/ directory, including Footer.php, widget.BifContainer.php, widget.BifRoot.php, widget.BifRoot2.php, widget.BifRoot3.php, and widget.BifWarning.php. **Recommendations** For Build it Fast (bif3) version 0.4.1, consider restricting access to the `pear dir` and `sys dir` parameters in the affected PHP files until a patch is available. As a temporary workaround, avoid using the `pear dir` parameter in the Base/Application.php file and the `sys dir` parameter in the Footer.php, widget.BifContainer.php, widget.BifRoot.php, widget.BifRoot2.php, widget.BifRoot3.php, and widget.BifWarning.php files in the Widgets/Base/ directory.

**Name of the Vulnerable Software and Affected Versions** FireFly version 1.1.01 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `doc root` parameter to specific PHP files, including `localize.php` and `config.php` in `modules/admin/include/`. **Recommendations** For FireFly version 1.1.01, consider restricting access to the `localize.php` and `config.php` files in the `modules/admin/include/` directory to minimize the risk of exploitation. Avoid using the `doc root` parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FireFly versions 1.1.01 and earlier **Description** A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the `DOCUMENT ROOT` parameter. This is related to the modules/admin/include/config.php file. **Recommendations** For FireFly versions 1.1.01 and earlier, as a temporary workaround, consider restricting access to the vulnerable config.php file until a patch is available. Avoid using the `DOCUMENT ROOT` parameter in the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phporacleview (affected versions not specified) **Description** The issue concerns remote file inclusion vulnerabilities in the inc/include all.inc.php file. Remote attackers can execute arbitrary PHP code by providing a URL in the `page dir` or `inc dir` parameters. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ext JS version 1.0 alpha1 **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files by using a .. (dot dot) in the `feed` parameter of the examples/layout/feed-proxy.php file. It is noted that this issue might be platform dependent. **Recommendations** For Ext JS version 1.0 alpha1, as a temporary workaround, consider restricting access to the feed-proxy.php file until a patch is available. Avoid using the `feed` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OpenSurveyPilot versions 1.2.1 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `cfgPathToProjectAdmin` parameter in the administration/user/lib/group.inc.php file. **Recommendations** For OpenSurveyPilot versions 1.2.1 and earlier, avoid using the `cfgPathToProjectAdmin` parameter in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AjPortal2Php (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `PagePrefix` parameter to various PHP files, including "begin.inc.php", "connection.inc.php", "events.inc.php", "footer.inc.php", "header.inc.php", "menuleft.inc.php", and "pages.inc.php" in the "includes/" directory. **Recommendations** As a temporary workaround, consider restricting access to the vulnerable PHP files until a patch is available. Avoid using the `PagePrefix` parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gallery StoreFront mods (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `GALLERY BASEDIR` parameter to specific PHP files, including `mods/business functions.php` and `mods/ui functions.php`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: CodeBB versions 1.1b3 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `phpbb root path` parameter to specific PHP files, including (1) pass code.php and (2) lang select.php. Recommendations: For CodeBB versions 1.1b3 and earlier, as a temporary workaround, consider restricting access to the `pass code.php` and `lang select.php` files until a patch is available. Avoid using the `phpbb root path` parameter in these files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.