Nextman

**Name of the Vulnerable Software and Affected Versions** AEDating versions 4.1 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `dir[inc]` parameter in (1) "inc/design.inc.php" or (2) "inc/admin design.inc.php". **Recommendations** For AEDating versions 4.1 and earlier, consider restricting access to the `inc/design.inc.php` and `inc/admin design.inc.php` files until a patch is available. Avoid using the `dir[inc]` parameter in these files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FlashChat versions prior to 4.6.2 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `dir[inc]` parameter in certain PHP files, including `inc/cmses/aedatingCMS.php`, `inc/cmses/aedatingCMS2.php`, and `inc/cmses/aedating4CMS.php`. **Recommendations** For versions prior to 4.6.2, update to version 4.6.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `dir[inc]` parameter in the affected PHP files until a patch is applied.