Ea Ngel

**Name of the Vulnerable Software and Affected Versions** Drunken:Golem Gaming Portal version 0.5.1 alpha 2 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `root path` parameter in the admin/admin news bot.php file. **Recommendations** For Drunken:Golem Gaming Portal version 0.5.1 alpha 2, avoid using the `root path` parameter in the admin/admin news bot.php file until the issue is resolved. Consider restricting access to the admin/admin news bot.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Aurora CMS version 1.0.2 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `AURORA MODULES FOLDER` parameter in the add-ons/modules/sysmanager/plugins/install.plugin.php file. **Recommendations** For Aurora CMS version 1.0.2, avoid using the `AURORA MODULES FOLDER` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ClearSite version 4.50 **Description** A remote file inclusion issue allows attackers to execute arbitrary PHP code via a URL in the `cs base path` parameter in the include/header.php file. **Recommendations** For ClearSite version 4.50, consider restricting access to the `cs base path` parameter to minimize the risk of exploitation. As a temporary workaround, restrict the use of the include/header.php file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenSiteAdmin version 0.9.7 BETA **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `path` parameter. This is a different vector than previously identified issues. **Recommendations** For OpenSiteAdmin version 0.9.7 BETA, consider restricting access to the `pages/pageHeader.php` file to minimize the risk of exploitation. Avoid using the `path` parameter in URLs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BAnner ROtation System mini (BAROSmini) version 0.32.595 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `baros path` parameter to include/common functions.php, and the `main path` parameter to lib users.php, lib stats.php, and lib slots.php in include/lib/. **Recommendations** For version 0.32.595, consider disabling the `baros path` and `main path` parameters in the affected API endpoints until a patch is available. Restrict access to the include/common functions.php, lib users.php, lib stats.php, and lib slots.php files to minimize the risk of exploitation. Avoid using the `baros path` and `main path` parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OBOphiX versions 2.7.0 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `chemin lib` parameter in the fonctions racine.php file. **Recommendations** For OBOphiX versions 2.7.0 and earlier, update to a version later than 2.7.0 to resolve the issue.