Madelman

**Name of the Vulnerable Software and Affected Versions** Minis version 0.2.1 **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files by utilizing a .. (dot dot) in the `month` parameter of the minis.php file. **Recommendations** For Minis version 0.2.1, consider restricting access to the minis.php file or the `month` parameter to prevent exploitation until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Simple PHP Blog (SPHPBlog) version 0.3.7c **Description** A directory traversal issue exists, allowing remote attackers to read or create arbitrary files by utilizing a .. (dot dot) in the `entry` parameter. **Recommendations** For Simple PHP Blog (SPHPBlog) version 0.3.7c, consider restricting access to the `entry` parameter to prevent directory traversal attacks until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PHP Gift Registry versions 1.4.0 through 1.5.0b1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting SQL injection vulnerabilities in the index.php file via the `messageid`, `shopper`, `shopfor`, or `itemid` parameters. **Recommendations** For PHP Gift Registry versions 1.4.0 through 1.5.0b1, update to version 1.5.0b1 or later to resolve the issue. As a temporary workaround, consider restricting access to the index.php file or validating and sanitizing the `messageid`, `shopper`, `shopfor`, and `itemid` parameters to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** Minis version 0.2.1 **Description** The issue allows remote attackers to cause a denial of service, resulting in an infinite loop. This can be achieved by sending an HTTP request for a file that the web server does not have permission to read, using the `month` parameter. **Recommendations** For Minis version 0.2.1, consider restricting access to the `minis.php` file until a patch is available, or apply configuration changes to prevent the web server from attempting to read files it does not have permission to access.

**Name of the Vulnerable Software and Affected Versions** QwikiWiki (affected versions not specified) **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) and a %00 at the end of the filename in the `page` parameter of the index.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.