The_Bat_Hacker

**Name of the Vulnerable Software and Affected Versions** Barry Nauta BRIM version 1.2.1 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `renderer` parameter in template.tpl.php across multiple templates. **Recommendations** For Barry Nauta BRIM version 1.2.1 and earlier, consider disabling the `renderer` parameter in template.tpl.php until a patch is available to prevent remote file inclusion attacks. Restrict access to the template files in the affected directories to minimize the risk of exploitation. Avoid using the `renderer` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** n@board versions 3.1.9e and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `skin` parameter. This is a result of a PHP remote file inclusion vulnerability in the naboard pnr.php file. **Recommendations** For versions 3.1.9e and earlier, update to a version later than 3.1.9e to resolve the issue. As a temporary workaround, consider restricting access to the naboard pnr.php file to minimize the risk of exploitation. Avoid using the `skin` parameter in the affected URL until the issue is resolved.