Mahmood_Ali

**Name of the Vulnerable Software and Affected Versions** Vistered Little version 1.6a **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the `skin` parameter of the skins/common.css.php file. **Recommendations** For version 1.6a, consider restricting access to the skins/common.css.php file until a patch is available. As a temporary workaround, avoid using the `skin` parameter with untrusted input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** phpMyPortal version 3.0.0 RC3 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `GLOBALS[CHEMINMODULES]` parameter in the inc/articles.inc.php file. **Recommendations** For phpMyPortal version 3.0.0 RC3, consider restricting access to the `inc/articles.inc.php` file to minimize the risk of exploitation. Avoid using the `GLOBALS[CHEMINMODULES]` parameter in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpMyReports versions 3.0.11 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `cfgPathModule` parameter in the include/lib/lib head.php file. **Recommendations** For phpMyReports versions 3.0.11 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.