Cijfer

**Name of the Vulnerable Software and Affected Versions** Aardvark Topsites PHP versions 4.2.2 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved via the `CONFIG[path]` parameter. An example of exploitation includes including a GIF file that contains PHP code. **Recommendations** For versions 4.2.2 and earlier, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the sources/lostpw.php file until a fix is available. Avoid using the `CONFIG[path]` parameter in sensitive operations to minimize risk.

Name of the Vulnerable Software and Affected Versions: Valdersoft Shopping Cart version 3.0 Description: The issue allows remote attackers to execute arbitrary code via a URL in the `catalogDocumentRoot` parameter in certain PHP scripts, including `include/templates/categories/default.php`. Recommendations: For Valdersoft Shopping Cart version 3.0, consider restricting access to the `catalogDocumentRoot` parameter to minimize the risk of exploitation. As a temporary workaround, restrict the use of the vulnerable `include/templates/categories/default.php` script until a patch is available.

Name of the Vulnerable Software and Affected Versions: CubeCart (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `glob[rootDir]` parameter in the includes/orderSuccess.inc.php file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.