Skyout

**Name of the Vulnerable Software and Affected Versions** AproxEngine version 5.1.0.4 **Description** The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `page` parameter of the index.php file, potentially leading to unauthorized access and execution of system files. **Recommendations** For AproxEngine version 5.1.0.4, consider restricting access to the index.php file or validating the `page` parameter to prevent directory traversal attacks until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MyNews versions 1.6.0 through 1.6.4 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the `hash` parameter in an admin action to "index.php". **Recommendations** For MyNews versions 1.6.0 through 1.6.4, consider restricting access to the `hash` parameter in the "index.php" admin action until a fix is available. Avoid using the `hash` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.