B0D0B0P0T

**Name of the Vulnerable Software and Affected Versions** mautic (affected versions not specified) **Description** A user with administrator rights can modify the application’s configuration and extract sensitive information that is normally inaccessible. This allows an administrator to disclose parameters, such as database credentials, to which they should not have access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** XoruX LPAR2RRD and STOR2RRD version 2.70 **Description** The issue allows for command injection via shell metacharacters in a timezone, using the `tz.pl` script with the `cmd=set&tz=OS` command. This can potentially lead to unauthorized execution of system commands. **Recommendations** For XoruX LPAR2RRD and STOR2RRD version 2.70, consider restricting access to the `tz.pl` script until a patch is available. As a temporary workaround, avoid using the `cmd=set&tz=OS` command in the `tz.pl` script to minimize the risk of exploitation.