myBB is a popular open source PHP forum software. Version 1.6.4 contained an unauthorized backdoor, distributed as part of the vendor's source package.
b3b105150f9b06521170e93d13100ef0913a79916ae342097ea5401d294a5235
CakePHP is a popular PHP framework for building web applications. The Security component of CakePHP is vulnerable to an unserialize attack which could be abused to allow unauthenticated attackers to execute arbitrary code with the permissions of the webserver. Versions less than and equal to 1.3.5 and 1.2.8 are affected.
dea34a0c2801eeab996b4917a68c1df259d3d1d8e08d971dace6ac256f486273