Shm

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.5.37 PHP versions 5.6.x prior to 5.6.23 PHP versions 7.x prior to 7.0.8 **Description** The issue is related to a double free vulnerability in the mbstring extension of the PHP interpreter, specifically in the php mb regex ereg replace exec function. This vulnerability can be exploited by a remote attacker to execute arbitrary code or cause a denial of service, resulting in an application crash. The exploitation is possible by leveraging a callback exception. **Recommendations** For PHP versions prior to 5.5.37, update to version 5.5.37 or later. For PHP versions 5.6.x prior to 5.6.23, update to version 5.6.23 or later. For PHP versions 7.x prior to 7.0.8, update to version 7.0.8 or later.

Name of the Vulnerable Software and Affected Versions: phpBlueDragon version 2.9.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `vsDragonRootPath` parameter to several PHP files, including "team admin.php", "rss admin.php", "manual admin.php", and "forum admin.php" in the "includes/root modules/" directory. Recommendations: For phpBlueDragon version 2.9.1, consider restricting access to the `vsDragonRootPath` parameter in the affected PHP files until a patch is available. As a temporary workaround, avoid using the `vsDragonRootPath` parameter in the API endpoints related to the mentioned PHP files.