Eidelweiss

**Name of the Vulnerable Software and Affected Versions** Groone's Simple Contact Form (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `abspath` parameter in the contact/contact.php file. **Recommendations** For Groone's Simple Contact Form, consider restricting access to the `contact/contact.php` file until a patch is available. As a temporary workaround, avoid using the `abspath` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Pecio CMS version 2.0.5 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `template` parameter to various PHP files, including "post.php", "article.php", "blog.php", and "home.php" in the "pec templates/nova-blue/" directory. **Recommendations** For Pecio CMS version 2.0.5, consider disabling access to the "pec templates/nova-blue/" directory or restricting the `template` parameter in the affected PHP files until a patch is available. Avoid using the `template` parameter in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Snipe Gallery version 3.1.5 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `cfg admin path` parameter to various PHP files, including "index.php", "view.php", "image.php", "search.php", "admin/index.php", "admin/gallery/index.php", "admin/gallery/view.php", "admin/gallery/gallery.php", "admin/gallery/image.php", and "admin/gallery/crop.php". **Recommendations** For Snipe Gallery version 3.1.5, consider restricting access to the `cfg admin path` parameter in the affected PHP files until a patch is available. As a temporary workaround, avoid using the `cfg admin path` parameter in the specified API endpoints, such as "index.php", "view.php", "image.php", "search.php", "admin/index.php", "admin/gallery/index.php", "admin/gallery/view.php", "admin/gallery/gallery.php", "admin/gallery/image.php", and "admin/gallery/crop.php", to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** 60cycleCMS (affected versions not specified) **Description** The issue concerns multiple directory traversal vulnerabilities. These vulnerabilities allow remote attackers to include and execute arbitrary local files. The attack can be performed by using directory traversal sequences in the `DOCUMENT ROOT` parameter to specific API endpoints: "news.php", "submitComment.php", and "sqlConnect.php". **Recommendations** For 60cycleCMS, restrict access to the `news.php`, `submitComment.php`, and `sqlConnect.php` endpoints to minimize the risk of exploitation. Avoid using the `DOCUMENT ROOT` parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 29o3 CMS version 0.1 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `LibDir` parameter to several PHP files, including "lib/page/pageDescriptionObject.php", "lib/layout/layoutHeaderFuncs.php", "lib/layout/layoutManager.php", and "lib/layout/layoutParser.php". **Recommendations** For 29o3 CMS version 0.1, as a temporary workaround, consider restricting access to the `LibDir` parameter in the affected PHP files until a patch is available. Avoid using the `LibDir` parameter in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Irmin CMS (formerly Pepsi CMS) version 0.6 BETA2 **Description** A directory traversal issue allows remote attackers to read arbitrary files by using a .. (dot dot) in the `w` parameter to the "index.php" endpoint. **Recommendations** For Irmin CMS (formerly Pepsi CMS) version 0.6 BETA2, as a temporary workaround, consider restricting access to the `w` parameter in the "index.php" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Irmin CMS (formerly Pepsi CMS) versions 0.5 through 0.6 BETA2 **Description** A directory traversal issue exists, allowing remote attackers to include and execute arbitrary files. This is possible when register globals is enabled, and a .. (dot dot) is used in the ` Root Path` parameter. **Recommendations** For Irmin CMS (formerly Pepsi CMS) versions 0.5 through 0.6 BETA2, consider disabling the register globals setting to mitigate the risk of exploitation. Additionally, restrict access to the includes/template-loader.php file to minimize the risk of arbitrary file inclusion. Avoid using the ` Root Path` parameter with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DynPG CMS versions 4.1.0 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in the `DefineRootToTool` parameter to "counter.php", the `PathToRoot` parameter to "plugins/DPGguestbook/guestbookaction.php", and the `get popUpResource` parameter to "backendpopup/popup.php". The attack is possible when `magic quotes gpc` is disabled and `register globals` is enabled. **Recommendations** For DynPG CMS versions 4.1.0 and earlier, consider disabling the `register globals` setting and enabling `magic quotes gpc` to mitigate the risk of exploitation. Additionally, as a temporary workaround, restrict access to the vulnerable parameters `DefineRootToTool`, `PathToRoot`, and `get popUpResource` in the respective PHP files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** justVisual CMS version 2.0 **Description** A directory traversal issue exists in index.php, allowing remote attackers to include and execute arbitrary local files when magic quotes gpc is disabled. This is achieved by using directory traversal sequences in the `p` parameter. **Recommendations** For justVisual CMS version 2.0, consider disabling the use of the `p` parameter in index.php or enabling magic quotes gpc to minimize the risk of exploitation. Additionally, restrict access to sensitive files and directories to prevent unauthorized inclusion and execution.