Cengiz-Han

**Name of the Vulnerable Software and Affected Versions** Simple Discussion Board version 0.1.0 **Description** The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in the `env dir` parameter to endpoints such as "blank.php", "admin.php", or "builddb.php", and the `script root` parameter to "blank.php". **Recommendations** For Simple Discussion Board version 0.1.0, consider disabling access to the `blank.php`, `admin.php`, and `builddb.php` endpoints until a fix is available. Restrict the use of the `env dir` and `script root` parameters in these endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Vitrax Premodded phpBB versions 1.0.6-R3 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `phpbb root path` parameter. This is a result of a PHP remote file inclusion vulnerability in the `includes/functions portal.php` file. **Recommendations** For versions 1.0.6-R3 and earlier, consider restricting access to the `phpbb root path` parameter to minimize the risk of exploitation. Avoid using the `phpbb root path` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** php(Reactor) version 1.27pl1 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `pathtohomedir` parameter in the editprofile.php file. **Recommendations** For php(Reactor) version 1.27pl1, consider restricting access to the editprofile.php file until a patch is available, and avoid using the `pathtohomedir` parameter in this file to minimize the risk of exploitation.