Inyexion

**Name of the Vulnerable Software and Affected Versions** Sinato jmuffin (affected versions not specified) **Description** The issue concerns remote file inclusion vulnerabilities in the html/php/detail.php file of Sinato jmuffin. This allows remote attackers to execute arbitrary PHP code by providing a URL in the `relPath` and `folder` parameters. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Post Revolution versions 6.6 through 7.0 RC2 **Description** The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the `dir` parameter to specific PHP files, such as `common.php` or `themes/default/preview post completo.php`. **Recommendations** For Post Revolution versions 6.6 through 7.0 RC2, consider restricting access to the `common.php` and `themes/default/preview post completo.php` files until a patch is available. Avoid using the `dir` parameter in these files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.