Alp_Eren

**Name of the Vulnerable Software and Affected Versions** phpjobboard (affected versions not specified) **Description** The issue allows remote attackers to bypass authentication and gain administrator privileges. This can be achieved by making a direct request to the "admin.php" endpoint with the `adminop` variable set to `job-edit`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PlaNet Concept planetNews (affected versions not specified) **Description** The issue allows remote attackers to bypass authentication and execute arbitrary code by making a direct request to the "news/admin/planetnews.php" API endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PlaNet Concept plaNetStat version 20050127 **Description** The issue allows remote attackers to gain administrative privileges and view and configure log files by making a direct request to the "admin.php" or "settings.php" API endpoints. **Recommendations** For version 20050127, consider restricting access to the "admin.php" and "settings.php" API endpoints to prevent unauthorized administrative access until a patch is available.

**Name of the Vulnerable Software and Affected Versions** singapore version 0.9.7 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `image` parameter in the index.php file. **Recommendations** For version 0.9.7, consider restricting access to the index.php file until a patch is available, and avoid using the `image` parameter in this file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** X-Scripts X-Poll (xpoll) version 2.30 **Description** The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by using the admin/images/add.php endpoint to upload a PHP file, which can then be accessed. **Recommendations** For version 2.30, consider restricting access to the admin/images/add.php endpoint until a patch is available. Additionally, remove any uploaded PHP files that could be used for malicious purposes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.