Kingoftheworld

**Name of the Vulnerable Software and Affected Versions** SineCMS versions 2.3.5 and earlier **Description** The issue allows remote attackers to include and execute arbitrary local files. This is achieved via the `sine[config][index main]` parameter in mods/Integrated/index.php when register globals is enabled. **Recommendations** For SineCMS versions 2.3.5 and earlier, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the mods/Integrated/index.php file and avoid using the `sine[config][index main]` parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zero CMS versions 1.0 Alpha and earlier **Description** The issue allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as `image/jpeg`. This enables attackers to potentially execute malicious code on the server. **Recommendations** For Zero CMS versions 1.0 Alpha and earlier, consider restricting the upload of files to only necessary and validated types to prevent the execution of arbitrary files. As a temporary workaround, restrict access to the avatar upload feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Zero CMS version 1.0 Alpha **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `id` parameter to "index.php", or the `f` or `t` parameters to "forums/index.php". **Recommendations** For Zero CMS version 1.0 Alpha, consider restricting access to the `id`, `f`, and `t` parameters in the affected API endpoints until a patch is available. As a temporary workaround, avoid using these parameters in "index.php" and "forums/index.php" to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Flat PHP Board versions 1.2 and earlier **Description** The issue allows remote attackers to create arbitrary files via a .. (dot dot) in the `username` parameter when registering a user account. Additionally, it enables reading arbitrary PHP files via a .. (dot dot) in the `topic` parameter in a topic action or the `username` parameter in a viewprofile action. **Recommendations** For Flat PHP Board versions 1.2 and earlier, as a temporary workaround, consider restricting the use of the `username` parameter in the registration process and limiting access to sensitive PHP files until a patch is available. Avoid using the `topic` parameter in topic actions and the `username` parameter in viewprofile actions with untrusted input.

**Name of the Vulnerable Software and Affected Versions** Flat PHP Board versions 1.2 and earlier **Description** The issue allows remote attackers to obtain credentials via a direct request for the `username` php file for any user account in the `users/` directory, due to insufficient access control of sensitive information stored under the web root. **Recommendations** For Flat PHP Board versions 1.2 and earlier, consider restricting access to the `users/` directory to minimize the risk of exploitation. As a temporary workaround, restrict direct requests for php files in the `users/` directory until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Flat PHP Board versions 1.2 and earlier **Description** A direct static code injection issue allows remote attackers to inject arbitrary PHP code via the `username`, `password`, and `email` parameters when registering a user account. This injected code can be executed by accessing the user's PHP file for the account. Similar code injection might also be possible in a user profile. **Recommendations** For Flat PHP Board versions 1.2 and earlier, as a temporary workaround, consider restricting access to the user registration functionality and the affected PHP files until a fix is available. Avoid using the `username`, `password`, and `email` parameters in the registration process until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Flat PHP Board versions 1.2 and earlier **Description** The issue allows remote authenticated users to obtain the password for the current user account by reading the `password` parameter value in the HTML source for the page generated by a profile action. **Recommendations** For Flat PHP Board versions 1.2 and earlier, consider restricting access to the profile action page until a fix is available, and avoid using the `password` parameter in the affected page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Flat PHP Board versions 1.2 and earlier **Description** The issue allows remote attackers to bypass authentication and obtain limited access to an arbitrary user account via the `fpb username` cookie. **Recommendations** For Flat PHP Board versions 1.2 and earlier, as a temporary workaround, consider restricting access to sensitive user account information until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SineCMS versions 2.3.4 and earlier **Description** The issue affects the guestbook component, where multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This can be achieved via the `username` (user) or `comment` (commento) field. **Recommendations** For SineCMS versions 2.3.4 and earlier, update to a version later than 2.3.4 to resolve the issue. As a temporary workaround, consider restricting user input in the `username` and `comment` fields to minimize the risk of exploitation. Avoid using the `username` and `comment` fields in the guestbook until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SineCMS versions 2.3.4 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters, including the `id` parameter to 'mods/Calendar/index.php' accessed through a Calendar info action to 'mods.php', the `id` parameter to 'admin/mods adm.php' in a Guestbook modifica or Calendar modify action, or the `mese` or `anno` parameters to 'admin/mods adm.php' in a Calendar action. Some vectors might be limited to administrators. **Recommendations** For SineCMS versions 2.3.4 and earlier, consider disabling the SQL execution functionality in the affected modules until a patch is available. Restrict access to the 'mods/Calendar/index.php' and 'admin/mods adm.php' scripts to minimize the risk of exploitation. Avoid using the `id`, `mese`, and `anno` parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MWOpen versions 1.4 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the leggi commenti.asp file. **Recommendations** For MWOpen versions 1.4 and earlier, avoid using the `id` parameter in the leggi commenti.asp file until a fix is available. As a temporary workaround, consider restricting access to the leggi commenti.asp file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Eurologon CMS (affected versions not specified) **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by including a .. (dot dot) in the `file` parameter within a download action. For example, accessing a certain PHP file that contains database credentials is possible. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Eurologon CMS (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting SQL injection vulnerabilities via the `id` parameter in several API endpoints: "reviews.php", "links.php", and "articles.php". **Recommendations** For all affected versions, consider restricting access to the `id` parameter in the "reviews.php", "links.php", and "articles.php" endpoints until a patch is available. As a temporary workaround, avoid using the `id` parameter in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tilde CMS versions 4.x and earlier **Description** The issue allows remote attackers to obtain sensitive information via a certain search parameter value in a search action, which reveals the path. **Recommendations** For versions 4.x and earlier, update to a version later than 4.x to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Tilde CMS versions 4.x and earlier **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the `aarstal` parameter in a "yeardetail" action. **Recommendations** For versions 4.x and earlier, update to a version that fixes this issue, as no specific workaround is provided for these versions. As a temporary workaround, consider restricting access to the "yeardetail" action in index.php until a patch is available. Avoid using the `aarstal` parameter in the affected action until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Ben Ng Scribe versions 0.2 and earlier **Description** A direct static code injection issue exists, allowing remote attackers to inject arbitrary PHP code into a certain file in regged/ via the `username` parameter in a Register action. This issue may be related to the `register` function in forumfunctions.php. **Recommendations** For Ben Ng Scribe versions 0.2 and earlier, as a temporary workaround, consider restricting access to the `username` parameter in the Register action until a patch is available. Avoid using the `username` parameter in the affected registration functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ben Ng Scribe versions 0.2 and earlier **Description** The issue allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the `username` parameter in a "Register" action. This is due to a directory traversal vulnerability in the forum.php file. **Recommendations** For Ben Ng Scribe versions 0.2 and earlier, as a temporary workaround, consider restricting access to the Register action in the forum.php file until a patch is available. Avoid using the `username` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Firewolf Technologies Synergiser versions 1.2 RC1 and earlier **Description** The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `page` parameter of the index.php file. This can be leveraged to obtain the path by including a local PHP script with a duplicate function declaration. **Recommendations** For Firewolf Technologies Synergiser versions 1.2 RC1 and earlier, consider restricting access to the index.php file until a fix is available. As a temporary workaround, avoid using the `page` parameter in the index.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Flatnuke version 3 **Description** A direct static code injection issue exists in the download module, allowing remote authenticated administrators to inject arbitrary PHP code into a description.it.php file by saving a description and setting `fneditmode` to 1. Unauthenticated remote attackers can also exploit this issue by leveraging a cookie manipulation problem. **Recommendations** For Flatnuke version 3, as a temporary workaround, consider disabling the download module until a patch is available. Restrict access to the description.it.php file to minimize the risk of exploitation. Avoid using the `fneditmode` variable in the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Flatnuke version 3 **Description** The issue allows remote attackers to obtain sensitive information. This is achieved by providing an invalid `argumentname` parameter in a `disc op` action to the `index.php` file in the File Manager module, which results in the path being revealed in an error message. **Recommendations** For Flatnuke version 3, consider restricting access to the `index.php` file in the File Manager module until a patch is available. As a temporary workaround, avoid using the `argumentname` parameter in the affected `disc op` action to minimize the risk of exploitation.