Nourredine Himeur

**Name of the Vulnerable Software and Affected Versions** @lex Guestbook (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary PHP code by modifying the `chem absolu` parameter to reference a URL on a remote web server that contains the code. This is related to a remote file inclusion vulnerability in the livre include.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Les Commentaires version 2.0 **Description** The issue concerns remote file inclusion vulnerabilities in certain PHP files, specifically fonctions.lib.php, derniers commentaires.php, and admin.php. These vulnerabilities allow remote attackers to execute arbitrary PHP code via the `rep` parameter. **Recommendations** For Les Commentaires version 2.0, consider restricting access to the vulnerable PHP files until a patch is available. As a temporary workaround, avoid using the `rep` parameter in the affected files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Formmail.php versions 5.0 and earlier **Description** The issue allows remote attackers to bypass access restrictions via an empty or spoofed HTTP Referer. This can be demonstrated using an application on the same web server that contains a cross-site scripting (XSS) issue, potentially leveraging the `check referer()` function. **Recommendations** For Formmail.php versions 5.0 and earlier, consider disabling the `check referer()` function until a patch is available to prevent bypassing access restrictions.