Mdx

**Name of the Vulnerable Software and Affected Versions** SyndeoCMS version 2.5.01 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `cmsdir` parameter. This is a different vector than previously identified issues. **Recommendations** For SyndeoCMS version 2.5.01, consider restricting access to the `main.inc.php` file in the `starnet/themes/c-sky` directory to minimize the risk of exploitation. Avoid using the `cmsdir` parameter in URLs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Joomla Flash Uploader component for Joomla! version 2.5.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig absolute path` parameter to specific PHP files, including 'install.joomla flash uploader.php' and 'uninstall.joomla flash uploader.php'. Recommendations: For version 2.5.1, consider disabling access to 'install.joomla flash uploader.php' and 'uninstall.joomla flash uploader.php' until a patch is available. Restrict the use of the `mosConfig absolute path` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Expow version 0.8 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `cfg file` parameter in the autoindex.php file. **Recommendations** For Expow version 0.8, consider restricting access to the autoindex.php file or the `cfg file` parameter to minimize the risk of exploitation until a patch is available.

Name of the Vulnerable Software and Affected Versions: b2 Blog versions 0.5 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `index` parameter in the b2verifauth.php file. Recommendations: For b2 Blog versions 0.5 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Keep It Simple Guest Book (KISGB) (affected versions not specified) Description: A remote file inclusion issue exists in the authenticate.php file of Keep It Simple Guest Book (KISGB). This issue allows remote attackers to execute arbitrary PHP code when PHP is executed through CGI. The vulnerability is exploited via a URL in the `default path to themes` parameter. Recommendations: As a temporary workaround, consider restricting access to the `authenticate.php` file until a patch is available. Avoid using the `default path to themes` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Valdersoft Shopping Cart versions 3.0 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `commonIncludePath` parameter to API endpoints such as "admin/include/common.php", "include/common.php", or "common include/common.php". Recommendations: For Valdersoft Shopping Cart versions 3.0 and earlier, consider restricting access to the `commonIncludePath` parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the `commonIncludePath` parameter in the affected API endpoints.

**Name of the Vulnerable Software and Affected Versions** Barry Nauta BRIM version 1.2.1 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `renderer` parameter in template.tpl.php across multiple templates. **Recommendations** For Barry Nauta BRIM version 1.2.1 and earlier, consider disabling the `renderer` parameter in template.tpl.php until a patch is available to prevent remote file inclusion attacks. Restrict access to the template files in the affected directories to minimize the risk of exploitation. Avoid using the `renderer` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** AFGB GUESTBOOK version 2.2 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `Htmls` parameter in several PHP files, including "add.php", "admin.php", "look.php", and "re.php". **Recommendations** For AFGB GUESTBOOK version 2.2, consider restricting access to the `Htmls` parameter in the affected PHP files until a patch is available. As a temporary workaround, disabling the execution of remote PHP code in these files can help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** n@board versions 3.1.9e and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `skin` parameter. This is a result of a PHP remote file inclusion vulnerability in the naboard pnr.php file. **Recommendations** For versions 3.1.9e and earlier, update to a version later than 3.1.9e to resolve the issue. As a temporary workaround, consider restricting access to the naboard pnr.php file to minimize the risk of exploitation. Avoid using the `skin` parameter in the affected URL until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Quicksilver Forums (QSF) versions 1.2.1 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `set[include path]` parameter in the lib/activeutil.php file. **Recommendations** For Quicksilver Forums (QSF) versions 1.2.1 and earlier, consider restricting access to the lib/activeutil.php file until a patch is available. Avoid using the `set[include path]` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mambo com lurm constructor versions 0.6b and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `lm absolute path` parameter in the admin.lurm constructor.php file of the Lurm Constructor component. **Recommendations** For versions 0.6b and earlier, consider restricting access to the admin.lurm constructor.php file until a patch is available. Avoid using the `lm absolute path` parameter in the affected component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mambo version 1.1 **Description** The issue concerns a remote file inclusion vulnerability in the bigAPE-Backup component. It allows remote attackers to include arbitrary files via the `mosConfig absolute path` parameter. **Recommendations** For Mambo version 1.1, avoid using the `mosConfig absolute path` parameter in the affected API endpoint until the issue is resolved. Restrict access to the vulnerable bigAPE-Backup component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mambo com mambelfish versions 1.1 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig absolute path` parameter in the mambelfish component. **Recommendations** For versions 1.1 and earlier, update to a version later than 1.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mambo com mmp versions 1.2 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig absolute path` parameter in the help.mmp.php file of the MMP Component. **Recommendations** For versions 1.2 and earlier, update to a version later than 1.2 to resolve the issue. As a temporary workaround, consider restricting access to the `help.mmp.php` file in the MMP Component to minimize the risk of exploitation. Avoid using the `mosConfig absolute path` parameter in the affected component until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** EternalMart Guestbook (EMGB) version 1.1 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `emgb admin path` parameter in the admin/auth.php file. **Recommendations** For EternalMart Guestbook (EMGB) version 1.1, avoid using the `emgb admin path` parameter in the admin/auth.php file until the issue is resolved. As a temporary workaround, consider restricting access to the admin/auth.php file to minimize the risk of exploitation.