Angelkat

**Name of the Vulnerable Software and Affected Versions** e107 CMS versions prior to 2.3.3 **Description** A path traversal issue exists in e107 CMS. The issue is located in the Avatar Handler component, specifically within the file `/e107 admin/image.php?mode=main&action=avatar`. Manipulation of the `multiaction[]` argument can lead to path traversal. The attack can be initiated remotely. The exploit is publicly available. **Recommendations** Update e107 CMS to a version newer than 2.3.3.

**Name of the Vulnerable Software and Affected Versions** Ctcms version 2.1.2 **Description** A critical issue has been identified, affecting the file ctcms/apps/controllers/admin/Upsys.php, which leads to unrestricted upload. The attack can be initiated remotely, with a rather high complexity, making exploitation difficult. **Recommendations** For Ctcms version 2.1.2, consider restricting access to the Upsys.php file in the ctcms/apps/controllers/admin directory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.