D. Fabian

**Name of the Vulnerable Software and Affected Versions** LetoDMS (formerly MyDMS) versions 1.7.2 and earlier **Description** The issue allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the `lang` parameter. This can lead to a disruption of confidentiality, integrity, and availability of protected information. The exploitation can be carried out by a remote attacker who has passed the authentication procedure. **Recommendations** For LetoDMS versions 1.7.2 and earlier, consider restricting access to the `op/op.Login.php` file until a patch is available. As a temporary workaround, avoid using the `lang` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Typo3 versions 3.7, 3.8, 4.0.0 through 4.0.3, and 4.1 beta with the rtehtmlarea extension Description: The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in the `userUid` parameter to "rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php". Recommendations: For Typo3 versions 3.7, 3.8, 4.0.0 through 4.0.3, and 4.1 beta with the rtehtmlarea extension, avoid using the `userUid` parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the rtehtmlarea extension to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** vTiger CRM versions 4.2 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via multiple vectors, including the `account name`. This can lead to the execution of malicious scripts on the client-side. **Recommendations** For versions 4.2 and earlier, update to a version later than 4.2 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** vTiger CRM versions 4.2 and earlier **Description** The issue allows remote attackers to upload arbitrary files, including PHP files, via the `add2db` action in the uploads module. **Recommendations** For versions 4.2 and earlier, consider disabling the uploads module or restricting file uploads to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** vTiger CRM versions 4.2 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via an arbitrary file in the `templatename` parameter, which is passed to the `eval()` function. **Recommendations** For versions 4.2 and earlier, consider restricting access to the Users module until a fix is available. As a temporary workaround, avoid using the `templatename` parameter in the affected module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** vTiger CRM versions 4.2 and earlier **Description** The issue allows remote attackers to read or include arbitrary files and ultimately execute arbitrary PHP code via directory traversal vulnerabilities. This is achieved by using .. (dot dot) and null byte ("%00") sequences in the `module` parameter and `action` parameter in the Leads module. Attackers can also inject PHP code into log messages and access the log file. **Recommendations** For vTiger CRM versions 4.2 and earlier, consider restricting access to the Leads module and limiting the ability to inject PHP code into log messages until a fix is available. As a temporary workaround, restrict the use of the `module` and `action` parameters in the index.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Snoopy version 1.2 **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page. This is due to improper handling by the `fetch` function in the ` httpsrequest` function. **Recommendations** For Snoopy version 1.2, consider disabling the ` httpsrequest` function until a patch is available to prevent exploitation. Restrict access to the `fetch` function to minimize the risk of arbitrary command execution. Avoid using HTTPS URLs with shell metacharacters in the affected function until the issue is resolved.