
Sn4K3

#21087 of 53,624
11.8 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2006-2909 · CVSS 4.3 · 2006-04-20
Cutenews · Cutenews · CVE-2006-1925

**Name of the Vulnerable Software and Affected Versions**
CuteNews version 1.4.1

**Description**
A directory traversal issue exists in the editnews module, allowing remote attackers to read or modify files via the `source` parameter in certain actions. This can also lead to resultant XSS when the target file does not exist.

**Recommendations**
For CuteNews version 1.4.1, consider restricting access to the `source` parameter in the editnews module to minimize the risk of exploitation. As a temporary workaround, avoid using the `source` parameter in the affected actions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2005-2305 · CVSS 7.5 · 2005-04-26
Confixx · Confixx · CVE-2005-1302

**Name of the Vulnerable Software and Affected Versions**
Confixx versions 3.08 and earlier

**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `change user` field.

**Recommendations**
For Confixx versions 3.08 and earlier, update to a version later than 3.08 to resolve the issue. As a temporary workaround, consider restricting access to the `change user` field to minimize the risk of exploitation.