Mogatil

Name of the Vulnerable Software and Affected Versions: Picturesolution versions 2.1 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `path` parameter in the install/config.php file. Recommendations: For Picturesolution versions 2.1 and earlier, update to a version later than 2.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WAnewsletter versions 2.1.3 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `waroot` parameter in the newsletter.php file. **Recommendations** For WAnewsletter versions 2.1.3 and earlier, update to a version later than 2.1.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Feindt Computerservice News (News-Script) version 2.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `action` parameter in the newsadmin.php file. **Recommendations** For Feindt Computerservice News (News-Script) version 2.0, consider restricting access to the newsadmin.php file and avoid using the `action` parameter in this file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PclTar module in PhpConcept Library versions prior to the version that fixes the issue **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `g pcltar lib dir` parameter. This is related to a PHP remote file inclusion vulnerability in the pcltrace.lib.php file. **Recommendations** For versions prior to the fixed version, consider restricting access to the `g pcltar lib dir` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.