William Heinbockel

**Name of the Vulnerable Software and Affected Versions** phpAdsNew version 2.0.4-pr2 **Description** A remote file inclusion issue exists, allowing remote attackers to execute arbitrary PHP code via a URL in the `phpAds path` parameter. This issue is disputed, as `phpAds path` is used as a constant. **Recommendations** For phpAdsNew version 2.0.4-pr2, consider restricting access to the `admin/lib-maintenance.inc.php` file to minimize the risk of exploitation. Avoid using the `phpAds path` parameter in URLs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kietu version 3.2 **Description** The issue allows remote attackers to execute arbitrary PHP code via an FTP URL in the `url hit` parameter. This is a result of a PHP remote file inclusion vulnerability in the hit.php file. **Recommendations** For Kietu version 3.2, consider restricting access to the `hit.php` file or validating the `url hit` parameter to prevent the inclusion of malicious FTP URLs until a patch is available. As a temporary workaround, avoid using FTP URLs in the `url hit` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ZoneMetrics ZoneX Publishers Gold Edition versions 1.0.3 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `phpbb root path` parameter in the includes/usercp register.php file. **Recommendations** For ZoneMetrics ZoneX Publishers Gold Edition versions 1.0.3 and earlier, consider restricting access to the `includes/usercp register.php` file until a patch is available. Avoid using the `phpbb root path` parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.