
Heintz

#20431 of 53,624
12.5 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2005-3465
5.0
2005-08-16
Xmb · Xmb Forum · CVE-2005-2574
**Name of the Vulnerable Software and Affected Versions**
XMB Forum version 1.9.1

**Description**
The issue allows remote attackers to modify arbitrary server variables, such as `_SERVER[REMOTE_ADDR]`, due to the extraction and definition of all provided variables in the `xmb.php` file.

**Recommendations**
For XMB Forum version 1.9.1, consider restricting access to the `xmb.php` file until a patch is available, or apply configuration changes to prevent the modification of server variables.

PT-2005-3466
7.5
2005-08-16
Xmb · Xmb Forum · CVE-2005-2575
**Name of the Vulnerable Software and Affected Versions**
XMB Forum version 1.9.1

**Description**
The issue allows remote attackers to execute arbitrary SQL commands by inserting certain values into the `$in` variable in the `u2u.inc.php` file.

**Recommendations**
For XMB Forum version 1.9.1, consider restricting access to the `u2u.inc.php` file or the `$in` variable to minimize the risk of exploitation until a patch is available.