Diddymus

Name of the Vulnerable Software and Affected Versions: v-creator versions prior to 1.3-pre3 Description: The issue allows remote attackers to execute arbitrary commands, possibly due to problems in the (1) encrypt and (2) decrypt functions, when the VC CRYPTO METHOD option is set to OPENSSL. Recommendations: For versions prior to 1.3-pre3, update to version 1.3-pre3 or later to resolve the issue. As a temporary workaround, consider disabling the encrypt and decrypt functions until a patch is available. Restrict access to VCEngine.php to minimize the risk of exploitation.