Mozi

Name of the Vulnerable Software and Affected Versions: PassWiki versions 0.9.16 RC3 and earlier Description: A directory traversal issue exists, allowing remote attackers to read arbitrary local files. This is achieved by using a .. (dot dot) in the `site id` parameter of the passwiki.php file. Recommendations: For PassWiki versions 0.9.16 RC3 and earlier, as a temporary workaround, consider restricting access to the passwiki.php file until a patch is available. Avoid using the `site id` parameter in the affected passwiki.php file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** CaupoShop Pro versions 2.x **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `action` parameter in the index.php file. This can be exploited by sending a malicious URL to the vulnerable endpoint. **Recommendations** For CaupoShop Pro versions 2.x, consider restricting access to the index.php file or disabling the `action` parameter until a patch is available. Avoid using the `action` parameter in the affected endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Article Directory (Article Site Directory) (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `page` parameter in the index.php file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: BBS E-Market (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `p mode` parameter in the postscript/postscript.php file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mani Stats Reader versions 1.2 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `ipath` parameter in the index.php file. **Recommendations** For Mani Stats Reader versions 1.2 and earlier, consider restricting access to the `ipath` parameter in the index.php file until a patch is available. As a temporary workaround, avoid using the `ipath` parameter with untrusted input. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpMyProfiler versions 0.9.6 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved via a URL in the `pmp rel path` parameter. **Recommendations** For phpMyProfiler versions 0.9.6 and earlier, consider disabling the register globals setting to prevent exploitation until a patch is available. Avoid using the `pmp rel path` parameter in affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** phpGreetz versions 0.99 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `PHPGREETZ INCLUDE DIR` parameter in the includes/footer.php file. **Recommendations** For phpGreetz versions 0.99 and earlier, consider restricting access to the `PHPGREETZ INCLUDE DIR` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.