The Tiger

**Name of the Vulnerable Software and Affected Versions** Focus/SIS version 1.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `FocusPath` parameter. This is a different vector from other known issues. **Recommendations** For Focus/SIS version 1.0, consider restricting access to the `modules/Discipline/StudentFieldBreakdown.php` file to minimize the risk of exploitation. Avoid using the `FocusPath` parameter in URLs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Focus/SIS version 2.2 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `staticpath` parameter to specific PHP files, including modules/Discipline/CategoryBreakdownTime.php and modules/Discipline/StudentFieldBreakdown.php. Recommendations: For Focus/SIS version 2.2, consider restricting access to the `staticpath` parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the `staticpath` parameter in the modules/Discipline/CategoryBreakdownTime.php and modules/Discipline/StudentFieldBreakdown.php files to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Focus/SIS version 1.0 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `FocusPath` parameter in the modules/Discipline/CategoryBreakdownTime.php file. Recommendations: For Focus/SIS version 1.0, consider restricting access to the vulnerable module or disabling the use of the `FocusPath` parameter to minimize the risk of exploitation until a patch is available.

Name of the Vulnerable Software and Affected Versions: PHP Object Framework (PHPOF) versions 20040226 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `PHPOF INCLUDE PATH` parameter. This is due to a remote file inclusion vulnerability in the dbmodules/DB adodb.class.php file. Recommendations: For PHP Object Framework (PHPOF) versions 20040226 and earlier, consider restricting access to the `dbmodules/DB adodb.class.php` file to minimize the risk of exploitation. Avoid using the `PHPOF INCLUDE PATH` parameter with untrusted input until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: AnyInventory versions 1.9.1 through 2.0 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `DIR PREFIX` parameter when `register globals` is enabled. Recommendations: For versions 1.9.1 through 2.0, consider disabling the `register globals` setting to prevent exploitation until a patch is available. Restrict access to the `environment.php` file to minimize the risk of arbitrary PHP code execution. Avoid using the `DIR PREFIX` parameter in URLs until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: AdminBot MX version 9.0.5 Description: A remote file inclusion issue in the lib/live status.lib.php file allows remote attackers to execute arbitrary PHP code via a URL in the `ROOT` parameter. Recommendations: For AdminBot MX version 9.0.5, consider restricting access to the lib/live status.lib.php file until a patch is available. As a temporary workaround, avoid using the `ROOT` parameter in the affected URL to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Frequency Clock version 0.1b (Beta 0.1) **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `securelib` parameter to specific PHP files, including (1) conf.php or (2) cp2.php. **Recommendations** For Frequency Clock version 0.1b (Beta 0.1), avoid using the `securelib` parameter in the affected API endpoints until the issue is resolved. Restrict access to the conf.php and cp2.php files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Webavis version 0.1.1 **Description** A remote file inclusion issue in the class/class.php file allows remote attackers to execute arbitrary PHP code via a URL in the `root` parameter. **Recommendations** For Webavis version 0.1.1, consider restricting access to the `class/class.php` file to minimize the risk of exploitation until a patch is available. Avoid using the `root` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Mazen's PHP Chat version 3.0.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `basepath` parameter to specific PHP files, including (1) `ITX.php`, (2) `IT Error.php`, or (3) `IT.php` in the `include/pear/` directory. **Recommendations** For Mazen's PHP Chat version 3.0.0, consider restricting access to the `include/pear/` directory to minimize the risk of exploitation. As a temporary workaround, avoid using the `basepath` parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ol'bookmarks version 0.7.4 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `root` parameter to various PHP files in the themes/ directory, including (1) test1.php, (2) blackorange.php, (3) default.php, (4) frames1.php, (5) frames1 top.php, (7) test2.php, (8) test3.php, (9) test4.php, (10) test5.php, (11) test6.php, (12) frames1 left.php, and (13) frames1 center.php. **Recommendations** For ol'bookmarks version 0.7.4, consider disabling access to the vulnerable PHP files in the themes/ directory until a patch is available. Restrict access to the `root` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NagiosQL version 2005 2.00 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `SETS[path][physical]` parameter in the functions/prepend adm.php file. **Recommendations** For NagiosQL version 2005 2.00, avoid using the `SETS[path][physical]` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Media Gallery versions 1.4.8a and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the ` MG CONF[path html]` parameter in the `maint/ftpmedia.php` file. This can be exploited by providing a malicious URL, potentially leading to code execution. **Recommendations** For Media Gallery versions 1.4.8a and earlier, consider restricting access to the `maint/ftpmedia.php` file until a patch is available. As a temporary workaround, avoid using the ` MG CONF[path html]` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linksnet Newsfeed version 1.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `dirpath linksnet newsfeed` parameter. This is a result of a PHP remote file inclusion vulnerability in the linksnet linkslog rss.php file. **Recommendations** For Linksnet Newsfeed version 1.0, consider restricting access to the `linksnet linkslog rss.php` file until a patch is available. As a temporary workaround, avoid using the `dirpath linksnet newsfeed` parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Beacon version 0.2.0 **Description** A remote file inclusion issue exists, allowing remote attackers to execute arbitrary PHP code via a URL in the `languagePath` parameter. **Recommendations** For Beacon version 0.2.0, consider restricting access to the `language/1/splash.lang.php` file until a patch is available. As a temporary workaround, avoid using the `languagePath` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Miplex2 Alpha 1 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `system[smarty][dir]` parameter in the lib/smarty/SmartyFU.class.php file. **Recommendations** For Miplex2 Alpha 1, consider restricting access to the `lib/smarty/SmartyFU.class.php` file to minimize the risk of exploitation. Avoid using the `system[smarty][dir]` parameter in affected configurations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** aForum versions 1.32 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `CommonAbsDir` parameter. This can be achieved by manipulating the URL to include malicious PHP code, which can then be executed by the server. **Recommendations** For aForum versions 1.32 and earlier, update to a version later than 1.32 to resolve the issue. As a temporary workaround, consider restricting access to the `common/func.php` file to minimize the risk of exploitation. Avoid using the `CommonAbsDir` parameter in URLs until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Gallery watermark 0.4.1 mod for Gallery **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `GALLERY BASEDIR` parameter in the watermark.php file. This can be exploited by providing a malicious URL. **Recommendations** For Gallery watermark 0.4.1 mod for Gallery, consider restricting access to the `watermark.php` file until a patch is available. As a temporary workaround, avoid using the `GALLERY BASEDIR` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PHPtree version 1.3 **Description** A remote file inclusion issue allows attackers to execute arbitrary PHP code via a URL in the `s dir` parameter in the plugin/HP DEV/cms2.php file. **Recommendations** For PHPtree version 1.3, avoid using the `s dir` parameter in the affected API endpoint until the issue is resolved. Restrict access to the plugin/HP DEV/cms2.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Berylium2 version 2003-08-18 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `berylliumroot` parameter. This can be achieved by manipulating the `berylliumroot` parameter in the API endpoint, although the specific endpoint is not specified. **Recommendations** For Berylium2 version 2003-08-18, consider restricting access to the `beryllium-classes.php` file to minimize the risk of exploitation. As a temporary workaround, avoid using the `berylliumroot` parameter in URLs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** DynamicPAD versions prior to 1.03.31 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `HomeDir` parameter to API endpoints such as "dp logs.php" or "index.php". **Recommendations** For versions prior to 1.03.31, update to version 1.03.31 or later to resolve the issue. As a temporary workaround, consider restricting access to the "dp logs.php" and "index.php" API endpoints to minimize the risk of exploitation. Avoid using the `HomeDir` parameter in these endpoints until the issue is resolved.