The_Bekir

**Name of the Vulnerable Software and Affected Versions** lib/php/phphtmllib-2.5.4 maintain version 3.0.0-RC2 **Description** A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the `phphtmllib` parameter. This issue might be related to phpHtmlLib. It is noted that proper installations of maintain might not be affected since the `$phphtmllib` variable is set before being used. **Recommendations** For maintain version 3.0.0-RC2, ensure that the `$phphtmllib` variable is properly set in includes.inc before being used in example6.php to prevent exploitation. For lib/php/phphtmllib-2.5.4, consider restricting access to the example6.php file until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Mambo versions 4.5.4 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig absolute path` parameter in the htmltemplate.php file of the MOStlyCE component. **Recommendations** For Mambo version 4.5.4, consider restricting access to the `mosConfig absolute path` parameter in the htmltemplate.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Lodel version 0.7.3 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `home` parameter in the calcul-page.php file. **Recommendations** For Lodel version 0.7.3, update to a version that contains a fix for this issue to prevent remote attackers from executing arbitrary PHP code.