Basher13

**Name of the Vulnerable Software and Affected Versions** Somery version 0.4.6 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `skindir` parameter. It is recommended to remove install.php after installation to prevent exploitation. **Recommendations** For Somery version 0.4.6, remove the install.php file after installation to mitigate the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OPENi-CMS version 1.0.1 and possibly earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `config[openi dir]` parameter in the openi-admin/base/fileloader.php file. **Recommendations** For OPENi-CMS version 1.0.1 and possibly earlier, avoid using the `config[openi dir]` parameter in the openi-admin/base/fileloader.php file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Somery versions 0.4.6 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `skindir` parameter when `register globals` is enabled. This is related to a remote file inclusion vulnerability in the `admin/system/include.php` file. **Recommendations** For Somery versions 0.4.6 and earlier, consider disabling the `register globals` setting to mitigate the risk of exploitation. Additionally, restrict access to the `admin/system/include.php` file to minimize the risk of arbitrary PHP code execution. Avoid using the `skindir` parameter in URLs until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Tashcom ASPEdit version 2.9 **Description** The issue allows local users to potentially view the administration password, also known as the FTP password, as it is stored in cleartext in the registry. **Recommendations** For Tashcom ASPEdit version 2.9, consider changing the administration password and storing it securely to prevent unauthorized access. As a temporary workaround, restrict local access to the system to minimize the risk of password exposure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DataTrac Activity Console version 1.1 **Description** The issue allows remote attackers to cause a denial of service. This can be achieved via a long HTTP GET request. **Recommendations** For DataTrac Activity Console version 1.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Photopost PHP Pro (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `verifykey` parameter in the "member.php" file. This can lead to unauthorized access and manipulation of database content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.