Condemned

**Name of the Vulnerable Software and Affected Versions** Ignition version 1.2 **Description** The issue concerns multiple directory traversal vulnerabilities. When magic quotes gpc is disabled, remote attackers can include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `blog` parameter to specific API endpoints, such as "comment.php" and "view.php". **Recommendations** For Ignition version 1.2, consider disabling the execution of files from user-inputted paths until a patch is available. Restrict access to the "comment.php" and "view.php" endpoints to minimize the risk of exploitation. Avoid using the `blog` parameter in these endpoints until the issue is resolved. Enable magic quotes gpc to prevent attackers from injecting malicious input.

**Name of the Vulnerable Software and Affected Versions** LoveCMS version 1.6.2 Final with Download Manager module version 1.0 **Description** The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the `uploads/` directory through the admin/index.php file in the Download Manager module, and then accessing it via a direct request. **Recommendations** For LoveCMS version 1.6.2 Final with Download Manager module version 1.0, consider restricting file uploads to only allow non-executable file extensions as a temporary workaround until a patch is available. Restrict access to the `uploads/` directory to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: TaskDriver versions 1.3 and earlier Description: The issue allows remote attackers to bypass authentication and gain administrative access. This can be achieved by setting the `auth` cookie to "fook!admin." Recommendations: For TaskDriver versions 1.3 and earlier, update to a version later than 1.3 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Kensei Board versions 2.0.0b and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `f` and `t` parameters in a "showforum" action. Recommendations: For versions 2.0.0b and earlier, consider restricting access to the "showforum" action until a patch is available. As a temporary workaround, avoid using the `f` and `t` parameters in the "showforum" action to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: MyioSoft AjaxPortal version 3.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `page` parameter in the ajaxp backend.php file. Recommendations: For MyioSoft AjaxPortal version 3.0, consider restricting access to the ajaxp backend.php file until a patch is available. As a temporary workaround, avoid using the `page` parameter in the affected file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: MyTopix versions 1.3.0 and earlier Description: The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `send` parameter in a "notes" action in the index.php file. Recommendations: For MyTopix versions 1.3.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RiotPix versions 0.61 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `forumid` parameter in the "read.php" file. **Recommendations** For RiotPix versions 0.61 and earlier, avoid using the `forumid` parameter in the read.php file until the issue is resolved. As a temporary workaround, consider restricting access to the read.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LoveCMS version 1.6.2 Final **Description** The issue allows remote attackers to delete arbitrary files by exploiting a directory traversal vulnerability in the system/admin/images.php file. This is achieved by using a .. (dot dot) in the `delete` parameter. **Recommendations** For LoveCMS version 1.6.2 Final, consider restricting access to the system/admin/images.php file until a patch is available. As a temporary workaround, avoid using the `delete` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mini CMS version 1.0.1 **Description** The issue concerns directory traversal vulnerabilities in the index.php file of Mini CMS. These vulnerabilities allow remote attackers to include and execute arbitrary local files by utilizing a .. (dot dot) in the `page` and `admin` parameters. **Recommendations** For Mini CMS version 1.0.1, consider restricting access to the `page` and `admin` parameters in the index.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the `page` and `admin` parameters with untrusted input until a patch is available.

**Name of the Vulnerable Software and Affected Versions** My Simple Forum versions 3.0 through 4.1 **Description** The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `action` parameter in index.php when `magic quotes gpc` is disabled. **Recommendations** For My Simple Forum versions 3.0 through 4.1, consider disabling the execution of files through the `action` parameter in index.php until a patch is available. Restrict access to the index.php file to minimize the risk of exploitation. Avoid using the `action` parameter with untrusted input. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mini Blog version 1.0.1 **Description** The issue concerns directory traversal vulnerabilities in the index.php file. Remote attackers can exploit this to include and execute arbitrary local files by using a .. (dot dot) in the `page` and `admin` parameters. **Recommendations** For Mini Blog version 1.0.1, consider restricting access to the index.php file until a patch is available. As a temporary workaround, avoid using the `page` and `admin` parameters in the index.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Simple Forum version 3.1d for LoveCMS version 1.6.2 Final **Description** The issue allows remote attackers to change the administrator password by making a direct request to the "modules/simpleforum/admin/index.php" API endpoint. This is due to the module not properly restricting access to administrator functions. **Recommendations** For The Simple Forum version 3.1d, restrict access to the "modules/simpleforum/admin/index.php" endpoint to prevent unauthorized password changes. Consider temporarily disabling the administrator functions in the Simple Forum module until a proper fix is available.

**Name of the Vulnerable Software and Affected Versions** Werner Hilversum FAQ Manager version 1.2 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cat id` parameter in the catagorie.php file. **Recommendations** For Werner Hilversum FAQ Manager version 1.2, consider restricting access to the catagorie.php file until a patch is available, and avoid using the `cat id` parameter in this file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ScriptsEz FREEze Greetings version 1.0 **Description** The issue allows remote attackers to obtain cleartext passwords due to insufficient access control of the pwd.txt file stored under the web root. **Recommendations** For ScriptsEz FREEze Greetings version 1.0, consider restricting access to the pwd.txt file to prevent unauthorized access until a proper fix is available. As a temporary workaround, moving the pwd.txt file outside of the web root or implementing proper access controls can help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** txtCMS version 0.3 **Description** The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `id` parameter, when `register globals` is enabled and `magic quotes gpc` is disabled. **Recommendations** For txtCMS version 0.3, consider disabling the `register globals` setting and enabling `magic quotes gpc` to mitigate the risk of exploitation. Additionally, restrict access to the `id` parameter in the index.php file to minimize the risk of arbitrary file inclusion.

**Name of the Vulnerable Software and Affected Versions** LokiCMS versions 0.3.3 and earlier **Description** The issue allows remote attackers to delete arbitrary files by exploiting a directory traversal vulnerability in the admin.php file. This is achieved by using a .. (dot dot) in the `delete` parameter. **Recommendations** For LokiCMS versions 0.3.3 and earlier, update to a version later than 0.3.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TinyCMS version 1.1.2 **Description** The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `config[template]` parameter, when `register globals` is enabled and `magic quotes gpc` is disabled. **Recommendations** For TinyCMS version 1.1.2, consider disabling the `register globals` setting and enabling `magic quotes gpc` to mitigate the risk of exploitation. Additionally, restrict access to the `templater.php` file in the ZZ Templater module to minimize the risk of arbitrary file inclusion. Avoid using the `config[template]` parameter with untrusted input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Z-Breaknews version 2.0 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `id` parameter. **Recommendations** For Z-Breaknews version 2.0, consider restricting access to the `id` parameter in the single.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** cyberBB version 0.6 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is possible via the `id` parameter to "show topic.php" and the `user` parameter to "profile.php". **Recommendations** For cyberBB version 0.6, consider restricting access to the `show topic.php` and `profile.php` scripts until a patch is available. As a temporary workaround, avoid using the `id` parameter in "show topic.php" and the `user` parameter in "profile.php" to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** phsBlog version 0.1.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in three parameters: `eid` in comments.php, `cid` in index.php, and `urltitle` in entries.php. **Recommendations** For phsBlog version 0.1.1, consider restricting access to the vulnerable parameters `eid`, `cid`, and `urltitle` in their respective files until a patch is available. Avoid using these parameters in the affected API endpoints comments.php, index.php, and entries.php until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.