Tzitaroth

#19225 of 53,624
13.9 Total CVSS
Vulnerabilities · 2 (Medium: 1, High: 1)

PT-2006-2079
6.4
2006-03-07
Gregarius · Gregarius · CVE-2006-1042
**Name of the Vulnerable Software and Affected Versions**
Gregarius version 0.5.2

**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `folder` parameter to `feed.php` or the `rss_query` parameter to `search.php`.

**Recommendations**
For Gregarius version 0.5.2, consider restricting access to the `feed.php` and `search.php` scripts until a patch is available. As a temporary workaround, avoid using the `folder` and `rss_query` parameters in the affected API endpoints.

PT-2006-1627
7.5
2006-02-06
Loudblog · Loudblog · CVE-2006-0565
**Name of the Vulnerable Software and Affected Versions**
Loudblog versions 0.4 and earlier

**Description**
The issue allows remote attackers to execute arbitrary PHP code via a URL in the `$GLOBALS[path]` parameter in the `inc/backend_settings.php` file.

**Recommendations**
For Loudblog versions 0.4 and earlier, consider restricting access to the `inc/backend_settings.php` file to minimize the risk of exploitation. As a temporary workaround, avoid using the `$GLOBALS[path]` parameter in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.