Halit Akaydin

**Name of the Vulnerable Software and Affected Versions** e107 CMS version 2.3.0 **Description** Authenticated users with theme installation permissions can execute arbitrary commands by uploading malicious theme files. An attacker can upload a crafted theme package through the 'theme.php' endpoint to deploy a web shell in the `e107 themes` directory and subsequently execute system commands using the `payload.php` script. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImpressCMS version 1.4.2 **Description** The autotasks administrative interface allows authenticated attackers to execute arbitrary PHP code. This is achieved by injecting malicious code into the `sat code` parameter via a POST request to the "/modules/system/admin.php?fct=autotasks&op=mod" endpoint. This process creates an executable file that can accept arbitrary commands through GET parameters. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Evolution CMS version 3.1.6 **Description** Authenticated users with module creation permissions can execute arbitrary system commands by injecting PHP code into module parameters. This is achieved by sending POST requests to the "/manager/index.php" endpoint with malicious PHP code within the `post` parameter to create modules that execute commands when invoked. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpKF CMS version 3.00 Beta y6 **Description** The software contains an unauthenticated file upload issue that enables remote attackers to execute arbitrary code. This is achieved by bypassing file extension checks, allowing attackers to upload a PHP file disguised as a PNG. After uploading, the file can be renamed and used to execute system commands through a crafted web shell parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WebsiteBaker version 2.13.0 **Description** WebsiteBaker version 2.13.0 has a flaw that permits authenticated users with language editing rights to execute code remotely. This is possible through manipulation of parameters within the language installation endpoint, allowing for remote code execution on the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CMSimple XH version 1.7.4 **Description** The software contains an authenticated remote code execution issue in the content editing functionality. Administrative users can upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to create a PHP shell file, enabling arbitrary command execution on the server. The vulnerability allows for the execution of code on the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.