Runcms · Runcms · CVE-2005-0828
**Name of the Vulnerable Software and Affected Versions**
RUNCMS version 1.1A
CIAMOS version 0.9.2 RC1
e-Xoops version 1.05 Rev3
**Description**
The issue allows remote attackers to read arbitrary PHP files by specifying the pathname in the `file` parameter of `highlight.php`. This can be used to read sensitive information, such as database configuration details from `mainfile.php`.
**Recommendations**
For RUNCMS version 1.1A, restrict access to the `highlight.php` file to prevent exploitation.
For CIAMOS version 0.9.2 RC1, consider disabling the `file` parameter in the `highlight.php` file until a fix is available.
For e-Xoops version 1.05 Rev3, avoid using the `file` parameter in the `highlight.php` file to minimize the risk of exploitation.
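
To check whether the `file` parameter described above has already been requested on a server, web access logs can be searched for requests to `highlight.php` that carry it. The script below is an added example, not code from the advisory or the affected projects; it assumes combined log format, and the log lines, directory name, addresses and `header.php` are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format). The directory, the
# addresses and header.php are made up; only highlight.php, the file
# parameter and mainfile.php come from the advisory.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /site/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /site/example-dir/highlight.php?file=mainfile.php HTTP/1.1" 200 2048 "-" "curl/8.0"
192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /site/example-dir/HIGHLIGHT.PHP?file=mainfile%2Ephp HTTP/1.1" 200 2048 "-" "curl/8.0"
192.0.2.77 - - [01/Jan/2024:10:01:00 +0000] "GET /site/example-dir/highlight.php?file=header.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
192.0.2.77 - - [01/Jan/2024:10:01:30 +0000] "GET /site/example-dir/highlight.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
192.0.2.80 - - [01/Jan/2024:10:02:00 +0000] "GET /site/search.php?q=highlight.php&file=x HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')


def find_highlight_reads(log_text):
    """Return one finding per request that passed `file` to highlight.php."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        # Match the script as a path segment, case-insensitively, so a
        # mention of highlight.php inside another script's query is ignored.
        if "highlight.php" not in [s.lower() for s in url.path.split("/")]:
            continue
        # parse_qs percent-decodes parameter names and values.
        values = parse_qs(url.query, keep_blank_values=True).get("file")
        if values is None:
            continue
        requested = values[-1]  # PHP keeps the last duplicate parameter
        findings.append({
            "client": client,
            "file": requested,
            "served": status.startswith("2"),  # 2xx: content was returned
            "config_read": requested.rsplit("/", 1)[-1].lower() == "mainfile.php",
        })
    return findings


if __name__ == "__main__":
    for finding in find_highlight_reads(SAMPLE_LOG):
        print(finding)
```

A finding with both `served` and `config_read` set means the database settings in `mainfile.php` were likely returned to that client and should be treated as exposed.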