
Sk0L

Researcher at SEC-CONSULT
Rank: #20500 of 53,640
Total CVSS: 12.5
Vulnerabilities · 2
Medium: 1
High: 1

PT-2005-2807 · CVSS 5.0 · 2005-06-02
Phpcms · Phpcms · CVE-2005-1840

**Name of the Vulnerable Software and Affected Versions**
phpCMS versions 1.2.x through 1.2.1pl1

**Description**
A directory traversal issue exists, allowing remote attackers to read or include arbitrary files. This can be achieved by using a .. (dot dot) in the `language` parameter to "parser.php".

**Recommendations**
For phpCMS versions 1.2.x through 1.2.1pl1, update to version 1.2.1pl2 or later to resolve the issue.

PT-2005-2832 · CVSS 7.5 · 2005-06-02
Exhibit Engine · Exhibit Engine · CVE-2005-1875

**Name of the Vulnerable Software and Affected Versions**
Exhibit Engine (EE) version 1.22

**Description**
The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary SQL commands. The vulnerable parameters are `search row`, `sort row`, `order`, and `perpage`.

**Recommendations**
For Exhibit Engine (EE) version 1.22, avoid using the parameters `search row`, `sort row`, `order`, and `perpage` in the list.php file until a fix is available. Consider restricting access to list.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.