Clorox

**Name of the Vulnerable Software and Affected Versions** e107 versions 0.7.8 and earlier **Description** The issue concerns an unrestricted file upload vulnerability. When photograph upload is enabled, remote attackers can upload and execute arbitrary PHP code via a filename with a double extension, such as `.php.jpg`. **Recommendations** For versions 0.7.8 and earlier, restrict or disable the photograph upload feature in `signup.php` to prevent exploitation until a fix is available.

**Name of the Vulnerable Software and Affected Versions** LiveCMS versions 3.4 and earlier **Description** The issue allows remote attackers to obtain sensitive information via a ' (quote) character in the `cid` parameter, which reveals the path in a forced SQL error message. **Recommendations** For LiveCMS versions 3.4 and earlier, update to a version later than 3.4 to resolve the issue. As a temporary workaround, consider restricting access to the `categoria.php` file to minimize the risk of exploitation. Avoid using the `cid` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** LiveCMS versions 3.4 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via an article name, possibly involving the `titulo` parameter in the "article.php" endpoint. **Recommendations** For versions 3.4 and earlier, consider restricting access to the `article.php` endpoint until a fix is available, and avoid using the `titulo` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LiveCMS versions 3.4 and earlier **Description** The issue allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for a small image associated with an article. **Recommendations** For LiveCMS versions 3.4 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LiveCMS versions 3.4 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cid` parameter in the categoria.php file. **Recommendations** For LiveCMS versions 3.4 and earlier, update to a version later than 3.4 to resolve the issue. As a temporary workaround, consider restricting access to the categoria.php file or avoiding the use of the `cid` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Centra 7 (affected versions not specified) **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `username`, `first name`, or `last name` fields. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.