Sp1D3Rl1

**Name of the Vulnerable Software and Affected Versions** Mecha CMS version 3.0.0 **Description** The issue allows an attacker to construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the deletion of arbitrary files or website takeover. This is due to a Directory Traversal vulnerability. **Recommendations** For Mecha CMS version 3.0.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPVibe version 11.0.46 **Description** The issue is related to directory travel in PHPVibe, caused by incomplete blacklist checksums and directory checks. This can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix. **Recommendations** For PHPVibe version 11.0.46, update to a version that addresses the incomplete blacklist checksums and directory checks to prevent code execution via malicious file writes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.