Solpot

**Name of the Vulnerable Software and Affected Versions** phpQ version 3.12 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `phpQRootDir` parameter in the inc/ifunctions.php file. **Recommendations** For phpQ version 3.12, consider restricting access to the inc/ifunctions.php file to minimize the risk of exploitation. Avoid using the `phpQRootDir` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpQuiz version 0.01 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `pagename` parameter in the index.php file. **Recommendations** For phpQuiz version 0.01, consider restricting access to the `pagename` parameter in the index.php file to minimize the risk of exploitation. Avoid using the `pagename` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** mcGalleryPRO 2006 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `path to folder` parameter in the random2.php file. **Recommendations** For mcGalleryPRO 2006, consider restricting access to the `random2.php` file or the `path to folder` parameter to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** phpCC versions prior to the fixed version **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `base dir` parameter to API endpoints such as "login.php", "reactivate.php", or "register.php". **Recommendations** For phpCC versions prior to the fixed version, as a temporary workaround, consider restricting access to the vulnerable API endpoints "login.php", "reactivate.php", and "register.php" to minimize the risk of exploitation. Avoid using the `base dir` parameter in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.