
Lightsey

#19182 of 53,624
13.9 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2020-16527
7.8
2020-10-07
Renaud Bastide Christophe Wolfhugel · Sympa · CVE-2020-26880
**Name of the Vulnerable Software and Affected Versions**
Sympa versions through 6.2.57b.2

**Description**
The issue allows a local privilege escalation from the sympa user account to full root access. This is achieved by modifying the `sympa.conf` configuration file, which is owned by sympa, and then parsing it through the setuid `sympa_newaliases-wrapper` executable.

**Recommendations**
For versions through 6.2.57b.2, consider restricting access to the `sympa_newaliases-wrapper` executable as a temporary workaround until a patch is available. Additionally, limit modifications to the `sympa.conf` configuration file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2017-10554
6.1
2017-07-20
Phamm · Phamm · CVE-2017-0378
**Name of the Vulnerable Software and Affected Versions**
Phamm versions prior to 0.6.7

**Description**
The issue exists in the `login_form` function, located in `views/helpers.php`, and can be exploited via the `PATH_INFO` to `main.php`.

**Recommendations**
For versions prior to 0.6.7, update to version 0.6.7 or later to resolve the issue.