Ant!-Tr0J4N

**Name of the Vulnerable Software and Affected Versions** OneCMS version 2.6.1 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `view` parameter in the "index.php" file. **Recommendations** For OneCMS version 2.6.1, avoid using the `view` parameter in the index.php file until a patch is available. As a temporary workaround, consider restricting access to the index.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** N-13 News versions 3.4 through 4.0 **Description** A cross-site request forgery (CSRF) issue exists, allowing remote attackers to hijack administrator authentication for creating new users via the options action in the news/admin.php file. **Recommendations** For versions 3.4 through 4.0, as a temporary workaround, consider restricting access to the news/admin.php file to minimize the risk of exploitation. Avoid using the options action in this file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yamamah Photo Gallery version 1.00 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `news` parameter in index.php. **Recommendations** For Yamamah Photo Gallery version 1.00, update to a version released after 20100618 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Yamamah Photo Gallery version 1.00 **Description** The issue allows remote attackers to obtain the source code of executable files within the web document root. This is achieved by exploiting the download parameter in the index.php file. **Recommendations** For Yamamah Photo Gallery version 1.00, consider restricting access to the index.php file or disabling the download parameter to minimize the risk of exploitation.