Mp

**Name of the Vulnerable Software and Affected Versions** Softerra PHP Developer Library version 1.5.3 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `lib dir` parameter in files such as 'lib/registry.lib.php', 'lib/sqlcompose.lib.php', and 'lib/sqlsearch.lib.php'. **Recommendations** For Softerra PHP Developer Library version 1.5.3 and earlier, consider restricting access to the `lib dir` parameter in the affected files until a patch is available. As a temporary workaround, avoid using the `lib dir` parameter with untrusted input in the API endpoints related to these files.

**Name of the Vulnerable Software and Affected Versions** Php AMX version 0.9.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `plug path` parameter, specifically in the plugins/main.php file. This is possible when register globals is enabled or magic quotes gpc is disabled. **Recommendations** For Php AMX version 0.9.0, consider disabling the register globals setting and enabling magic quotes gpc to minimize the risk of exploitation. Additionally, restrict access to the plugins/main.php file and avoid using the `plug path` parameter in URLs until a patch is available.