H4

Name of the Vulnerable Software and Affected Versions: SWSoft Confixx Pro versions 2.0.12 through 3.3.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `thisdir` parameter in the `admin/business inc/saveserver.php` file. Recommendations: For SWSoft Confixx Pro versions 2.0.12 through 3.3.1, consider restricting access to the `saveserver.php` file until a patch is available. As a temporary workaround, avoid using the `thisdir` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Mail Machine versions 3.989 and earlier **Description** The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the `archives` parameter in a "Load" action. This is due to a directory traversal vulnerability in the load function in cgi-bin/mail/mailmachine.cgi. **Recommendations** For Mail Machine versions 3.989 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SiteDepth CMS version 3.44 **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the `name` parameter of the ShowImage.php file. **Recommendations** For SiteDepth CMS version 3.44, consider restricting access to the ShowImage.php file until a patch is available. As a temporary workaround, avoid using the `name` parameter in the ShowImage.php file to minimize the risk of exploitation.