1337Kid

**Nome do software vulnerável e versões afetadas** Versões do mintupload até a 4.2.0 **Descrição** O problema está relacionado ao tratamento incorreto do nome do serviço, o que leva à injeção de comandos por meio de metacaracteres de shell em funções como `check connection`, `drop data received cb` e `Service.remove`. Um usuário pode modificar o nome de um serviço no arquivo ~/.linuxmint/mintUpload/services/service para explorar essa vulnerabilidade. O problema permite ataques locais e pode levar ao comprometimento do sistema. **Recomendações** Para versões até a 4.2.0, aplique o patch imediatamente para evitar o comprometimento do sistema. Como solução temporária, considere restringir o acesso às funções `check connection`, `drop data received cb` e `Service.remove` até que um patch esteja disponível. Além disso, evite modificar nomes de serviços nos arquivos ~/.linuxmint/mintUpload/services/service para minimizar o risco de exploração.

**Name of the Vulnerable Software and Affected Versions** BoidCMS version 2.0.0 **Description** A remote attacker can execute arbitrary code by exploiting a file upload vulnerability in BoidCMS. This is achieved by adding a GIF header to bypass MIME type checks, allowing the attacker to execute code via the GIF header component. **Recommendations** For BoidCMS version 2.0.0, consider disabling the file upload feature until a patch is available to prevent exploitation. Restrict access to the component that handles GIF headers to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Code-projects Online Restaurant Management System version 1.0 **Description** The issue allows an attacker to perform SQL injection, which can be used to bypass the admin panel. This enables the attacker to view order records, add items, and delete items. **Recommendations** For Code-projects Online Restaurant Management System version 1.0, consider restricting access to the admin panel and sensitive database operations until a patch is available. As a temporary workaround, disabling any functionality that allows user input to be directly executed as SQL commands can help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Online Piggery Management System version 1.0 **Description** The issue is related to SQL Injection. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Online Piggery Management System version 1.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Online Piggery Management System version 1.0 **Description** The issue allows an unauthenticated user to upload a php file by sending a POST request to the "add-pig.php" endpoint. This enables potential malicious activities. **Recommendations** For Online Piggery Management System version 1.0, consider disabling the "add-pig.php" endpoint until a patch is available to prevent file upload vulnerabilities. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using this endpoint for file uploads until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Online Piggery Management System version 1.0 **Description** The issue allows an unauthenticated user to perform a Cross Site Scripting (XSS) attack by posting JavaScript code to the "manage-breed.php" endpoint, resulting in Persistent XSS. **Recommendations** For Online Piggery Management System version 1.0, consider disabling access to the "manage-breed.php" endpoint until a patch is available to prevent exploitation. Restrict the ability to post JavaScript code to this endpoint to minimize the risk of Persistent XSS. At the moment, there is no information about a newer version that contains a fix for this vulnerability.