Eric Flokstra

**Name of the Vulnerable Software and Affected Versions** AudioCodes Device Manager Express versions through 7.8.20002.47752 **Description** The issue concerns directory traversal during file download. This occurs via the `view` parameter in the "BrowseFiles.php" endpoint. **Recommendations** For versions through 7.8.20002.47752, consider restricting access to the "BrowseFiles.php" endpoint until a patch is available. As a temporary workaround, avoid using the `view` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** AudioCodes Device Manager Express versions through 7.8.20002.47752 **Description** The issue is an unauthenticated SQL injection in the `p` parameter of the "process login.php" login form. This allows for potential exploitation without the need for authentication. **Recommendations** For AudioCodes Device Manager Express versions through 7.8.20002.47752, consider restricting access to the "process login.php" login form until a patch is available. As a temporary workaround, avoid using the `p` parameter in the login form to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AudioCodes Device Manager Express versions through 7.8.20002.47752 **Description** The issue is related to authenticated SQL injection. It affects the `id` parameter of the "IPPhoneFirmwareEdit.php" endpoint. **Recommendations** For versions through 7.8.20002.47752, avoid using the `id` parameter in the IPPhoneFirmwareEdit.php endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** AudioCodes Device Manager Express versions through 7.8.20002.47752 **Description** An issue allows remote code execution via directory traversal in the `dir` parameter of the file upload functionality of "BrowseFiles.php". An attacker can upload a .php file to "WebAdmin/admin/AudioCodes files/ajax/". **Recommendations** For versions through 7.8.20002.47752, as a temporary workaround, consider restricting access to the file upload functionality of BrowseFiles.php until a patch is available. Avoid using the `dir` parameter in the affected file upload functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AudioCodes Device Manager Express versions through 7.8.20002.47752 **Description** An issue was discovered that allows execution of commands. The "/BrowseFiles.php" API endpoint is vulnerable to a POST request with a `cmd` parameter set to "ssh" and an `ssh command` field, which is then executed. **Recommendations** For AudioCodes Device Manager Express versions through 7.8.20002.47752, as a temporary workaround, consider restricting access to the "/BrowseFiles.php" API endpoint to minimize the risk of exploitation. Avoid using the `ssh command` field in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AudioCodes Device Manager Express versions through 7.8.20002.47752 **Description** The issue is related to stored XSS via the `desc` parameter in the "ajaxTenants.php" endpoint. **Recommendations** For AudioCodes Device Manager Express versions through 7.8.20002.47752, consider restricting access to the "ajaxTenants.php" endpoint to minimize the risk of exploitation. Avoid using the `desc` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! CMS versions 3.0.0 through 3.4.1 **Description** The issue is related to an open redirect vulnerability. **Recommendations** For versions 3.0.0 through 3.4.1, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Chorus2 version 2.4.2 **Description** The issue allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the `image path`, as demonstrated by "image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd". This is a directory traversal vulnerability in the Chorus2 add-on for Kodi. **Recommendations** For Chorus2 version 2.4.2, consider disabling the add-on until a patch is available to prevent exploitation of the directory traversal vulnerability. Restrict access to sensitive files and directories to minimize the risk of unauthorized access.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 3.2.0 through 3.4.1 **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of victims for requests that upload code. **Recommendations** For versions 3.2.0 through 3.4.1, update to version 3.4.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Easy Social Icons plugin versions prior to 1.2.3 **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks. This is achieved via the `image file` parameter in an edit action in the "cnss social icon add" page to "wp-admin/admin.php". **Recommendations** For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "cnss social icon add" page in wp-admin/admin.php to minimize the risk of exploitation. Avoid using the `image file` parameter in the affected edit action until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WooCommerce plugin versions prior to 2.2.11 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the QUERY STRING in the "wc-reports" page to "wp-admin/admin.php". **Recommendations** For versions prior to 2.2.11, update to version 2.2.11 or later to resolve the issue.