Mahmood Ali

Name of the Vulnerable Software and Affected Versions: Uberghey CMS version 0.3.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `setup folder` parameter in the frontpage.php file. Recommendations: For Uberghey CMS version 0.3.1, consider restricting access to the `setup folder` parameter in the frontpage.php file until a patch is available. As a temporary workaround, avoid using the `setup folder` parameter with untrusted input. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EXlor version 1.0 **Description** A remote file inclusion issue in the fonctions/template.php file allows remote attackers to execute arbitrary PHP code via a URL in the `repphp` parameter. **Recommendations** For EXlor version 1.0, consider restricting access to the `repphp` parameter in the affected API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.