8Bitsec

**Nome do Software Vulnerável e Versões Afetadas** Codigo Markdown Editor versão 1.0.1 **Descrição** O software contém uma falha de execução de código que permite que atacantes executem comandos arbitrários do sistema ao criar um arquivo markdown malicioso. Um atacante pode incorporar uma fonte de vídeo com um evento onerror, que então executa comandos shell usando o módulo child process do Node.js quando o arquivo é aberto. O componente vulnerável é o tratamento de arquivos markdown. O evento `onerror` é explorado para acionar a execução de comandos. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** examapp plugin version 1.0 for WordPress **Description** The issue concerns a cross-site scripting (XSS) flaw via exam input text fields. This allows for potential malicious script injection. No information is provided about the estimated number of affected devices or real-world incidents. **Recommendations** For examapp plugin version 1.0, consider disabling the exam input text fields until a patch is available to prevent potential XSS attacks.

**Name of the Vulnerable Software and Affected Versions** examapp plugin version 1.0 for WordPress **Description** The issue concerns SQL injection via the `id` parameter in the "wp-admin/admin.php?page=examapp UserResult" API endpoint. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world incidents. **Recommendations** For examapp plugin version 1.0, consider restricting access to the "wp-admin/admin.php?page=examapp UserResult" endpoint until a fix is available. As a temporary workaround, avoid using the `id` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Shopy Point of Sale version 1.0 Description: A CSV Injection issue was discovered that allows a user with low-level privileges to inject a command into the exported CSV file, potentially leading to code execution. Recommendations: For Shopy Point of Sale version 1.0, at the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: clustercoding Blog Master Pro version 1.0 Description: A CSV Injection issue was discovered that allows a user with low-level privileges to inject a command into the exported CSV file, potentially leading to code execution. Recommendations: For version 1.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: HRSALE The Ultimate HRM version 1.0.2 Description: A Local File Inclusion issue was discovered, which can be exploited by a low-privileged user. Recommendations: For HRSALE The Ultimate HRM version 1.0.2, at the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: HRSALE The Ultimate HRM version 1.0.2 Description: An Authenticated Stored XSS issue was found, which can be exploited by a low-privileged user. Recommendations: For HRSALE The Ultimate HRM version 1.0.2, at the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: HRSALE The Ultimate HRM version 1.0.2 Description: A SQL Injection issue was discovered that allows a user with low-level privileges to directly modify the SQL query. Recommendations: For HRSALE The Ultimate HRM version 1.0.2, at the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: HRSALE The Ultimate HRM version 1.0.2 Description: A CSV Injection issue was discovered that allows a user with low-level privileges to inject a command into the exported CSV file, potentially leading to code execution. Recommendations: For HRSALE The Ultimate HRM version 1.0.2, consider disabling the CSV export feature until a patch is available to prevent potential code execution.