Unknown · Itsourcecode Online Discussion Forum Project · CVE-2024-37868
**Name of the Vulnerable Software and Affected Versions**
Itsourcecode Online Discussion Forum Project version 1.0
**Description**
A remote attacker can execute arbitrary code via the "sendreply.php" file due to a file upload vulnerability. The script receives the uploaded file through PHP's `$_FILES` variable. The issue allows unrestricted file upload, potentially leading to remote code execution. It is recommended to patch immediately and check for signs of exploitation. Auditing all file uploads is also advised.
**Recommendations**
For Itsourcecode Online Discussion Forum Project version 1.0, patch the software immediately to fix the file upload vulnerability. As a temporary workaround, consider restricting access to the "sendreply.php" file until a patch is applied. Also restrict the use of the `$_FILES` variable to minimize the risk of exploitation. Audit all file uploads to ensure no malicious files have been uploaded.
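One way to carry out the upload audit recommended above, as an added example that is not code from the advisory or from the project. The upload directory is passed as an argument because the advisory does not name it, and the extension list is an assumption to adjust to the server's PHP handler configuration; the sample files are constructed.

```python
import os
import sys
import tempfile

# Extensions a PHP-enabled server may execute (assumed list; match it to your handler config).
EXEC_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}

def audit_uploads(upload_dir, read_limit=1 << 20):
    """Return sorted (relative_path, reason) pairs for uploads that need review."""
    findings = []
    for root, _dirs, files in os.walk(upload_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, upload_dir).replace(os.sep, "/")
            parts = name.lower().split(".")[1:]
            if name.lower() == ".htaccess":
                findings.append((rel, "handler override file"))
            elif any(p in EXEC_EXTS for p in parts):
                # Covers "x.php" and non-final cases such as "x.php.jpg".
                findings.append((rel, "executable extension"))
            else:
                try:
                    with open(path, "rb") as fh:
                        head = fh.read(read_limit).lower()
                except OSError:
                    findings.append((rel, "unreadable"))
                    continue
                if b"<?php" in head:
                    findings.append((rel, "PHP code in non-PHP file"))
    return sorted(findings)

def build_sample(directory):
    """Write constructed sample uploads (not taken from any real system)."""
    samples = {
        "avatar.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
        "reply.php": b"<?php echo 'constructed sample'; ?>",
        "photo.php.jpg": b"\xff\xd8\xff\xe0",
        "banner.png": b"\x89PNG\r\n\x1a\n<?php echo 'constructed sample'; ?>",
        ".htaccess": b"# constructed sample\n",
    }
    for name, data in samples.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = sys.argv[1]
    else:
        target = tempfile.mkdtemp()
        build_sample(target)
    for rel, reason in audit_uploads(target):
        print(f"{reason}: {rel}")
```

Run it with the forum's upload directory as the only argument; with no argument it scans the constructed sample set. A finding is a file to review, and its creation time and the matching web server log entries for "sendreply.php" help decide whether it was actually requested.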