Pehelwan

**Name of the Vulnerable Software and Affected Versions** DanWin hosting versions through 2018-02-11 **Description** A CSRF issue was found in `var/www/html/files.php` that allows arbitrary remote users to add, delete, or modify any files in any hosting account. **Recommendations** For versions through 2018-02-11, update to a version released after 2018-02-11 to resolve the issue. As a temporary workaround, consider restricting access to the `files.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Anchor version 0.12.3 **Description** An issue was discovered in the `config/error.php` file. The error log is exposed at the "errors.log" URI and contains MySQL credentials if a MySQL error, such as "Too many connections", has occurred. **Recommendations** For Anchor version 0.12.3, consider restricting access to the "errors.log" URI to prevent exposure of MySQL credentials. As a temporary workaround, restrict access to the `config/error.php` file until a patch is available.