Ciph3R

**Name of the Vulnerable Software and Affected Versions** Boonex Orca versions 2.0 through 2.0.2 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `gConf[dir][layouts]` parameter when `register globals` is enabled. **Recommendations** For versions 2.0 through 2.0.2, consider disabling the `register globals` setting to prevent exploitation until a patch is available. Restrict access to the `layout/default/params.php` file to minimize the risk of arbitrary PHP code execution. Avoid using the `gConf[dir][layouts]` parameter in affected setups until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Stash version 1.0.3 **Description** The issue allows remote attackers to bypass authentication and gain administrative access by setting a `bsm` cookie in the `admin/login.php` file. **Recommendations** For Stash version 1.0.3, consider restricting access to the `admin/login.php` file until a patch is available. As a temporary workaround, avoid using the `bsm` cookie in the authentication process to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHPortal version 1.2 Beta **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `icerikyolu`, `sayfaid`, and `uzanti` parameters. This can be exploited by providing a malicious URL to these parameters. **Recommendations** For PHPortal version 1.2 Beta, consider restricting access to the `gunaysoft.php` file in the `sablonlar/gunaysoft` directory to minimize the risk of exploitation. Avoid using the `icerikyolu`, `sayfaid`, and `uzanti` parameters in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Orlando CMS version 0.6 **Description** The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the `preloc` parameter to specific PHP files, including "modules/core/logger/init.php" and "AJAX/newscat.php". **Recommendations** For Orlando CMS version 0.6, consider restricting access to the `modules/core/logger/init.php` and `AJAX/newscat.php` files until a patch is available. As a temporary workaround, avoid using the `preloc` parameter in these files to minimize the risk of exploitation.