White_Sheep

**Name of the Vulnerable Software and Affected Versions** PhpMyAdmin versions prior to 3.4.0-beta1 **Description** The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters. This can be demonstrated using a tag such as "[a@url@page]" in the error.php file. **Recommendations** For versions prior to 3.4.0-beta1, update to version 3.4.0-beta1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Anantasoft Gazelle CMS version 1.0 Description: The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the index.php file when magic quotes gpc is disabled. This is achieved by using a .. (dot dot) in the `template` parameter. Recommendations: For Anantasoft Gazelle CMS version 1.0, consider disabling the use of the `template` parameter in the index.php file until a patch is available, or enable magic quotes gpc to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** Anantasoft Gazelle CMS versions 1.0 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the `user` parameter to "user.php" or the `lookup` parameter to "search.php". **Recommendations** For Anantasoft Gazelle CMS versions 1.0 and earlier, update to a version later than 1.0 to resolve the issue. As a temporary workaround, consider restricting access to the "user.php" and "search.php" API endpoints until a patch is available. Avoid using the `user` and `lookup` parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Anantasoft Gazelle CMS version 1.0 **Description** The issue allows remote attackers to conduct a password reset for other users. This is achieved by modifying the `user` parameter in the "renew.php" endpoint. **Recommendations** For Anantasoft Gazelle CMS version 1.0, consider restricting access to the "renew.php" endpoint until a patch is available. As a temporary workaround, avoid using the `user` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Anantasoft Gazelle CMS version 1.0 **Description** The issue allows remote attackers to overwrite arbitrary files by utilizing a directory traversal technique, specifically by including a .. (dot dot) in the `customizetemplate` parameter within a direct request to "admin/settemplate.php" API endpoint. **Recommendations** For Anantasoft Gazelle CMS version 1.0, as a temporary workaround, consider restricting access to the "admin/settemplate.php" endpoint and avoid using the `customizetemplate` parameter until a patch is available.

Name of the Vulnerable Software and Affected Versions: fuzzylime (cms) versions 3.0 and earlier Description: The issue allows remote attackers to include arbitrary local files via a .. (dot dot) in the `p` parameter in the getgalldata.php file. Recommendations: For versions 3.0 and earlier, consider restricting access to the getgalldata.php file until a patch is available. As a temporary workaround, avoid using the `p` parameter in the affected API endpoint until the issue is resolved.