Dominus_Vis

**Name of the Vulnerable Software and Affected Versions** Mafia Blog version .4 BETA **Description** The issue allows remote attackers to execute arbitrary PHP code. This is possible because the admin directory is not properly protected, enabling attackers to inject code into info.php using writeinfo.php. **Recommendations** For Mafia Blog version .4 BETA, consider restricting access to the admin directory and the writeinfo.php file to prevent arbitrary PHP code execution until a proper fix is available.

**Name of the Vulnerable Software and Affected Versions** All4WWW-Homepagecreator version 1.0a **Description** The issue allows remote attackers to execute arbitrary PHP code by modifying the `site` parameter in the index.php file to reference a URL on a remote web server that contains the code. This can be done through the API endpoint, specifically by manipulating the `site` variable. **Recommendations** For All4WWW-Homepagecreator version 1.0a, consider restricting access to the index.php file and avoid using the `site` parameter to reference external URLs until a patch is available. As a temporary workaround, restrict the `site` parameter to only reference local URLs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** KnowledgeBuilder (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary PHP code by modifying the `page` parameter in `index.php` to reference a URL on a remote web server that contains the code. This can be done by accessing the `/index.php` endpoint and manipulating the `page` variable to point to a malicious PHP script hosted on a different server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.