Hackers Pal

Name of the Vulnerable Software and Affected Versions: ELSEIF CMS version 0.6 Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters, including the `repertimage` parameter to "utilisateurs/vousetesbannis.php", the `elseifvotetxtresultatduvote` parameter to "utilisateurs/votesresultats.php", and the `elseifforumtxtmenugeneraleduforum` parameter to "moduleajouter/depot/adminforum.php". Recommendations: For ELSEIF CMS version 0.6, consider disabling access to the vulnerable parameters `repertimage`, `elseifvotetxtresultatduvote`, and `elseifforumtxtmenugeneraleduforum` until a patch is available. Restrict access to the affected API endpoints "utilisateurs/vousetesbannis.php", "utilisateurs/votesresultats.php", and "moduleajouter/depot/adminforum.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: CMS Creamotion (affected versions not specified) Description: The issue concerns multiple PHP remote file inclusion vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary PHP code via a URL in the `cfg[document uri]` parameter to specific API endpoints: " administration/securite.php" and " administration/gestion configurations/save config.php". Recommendations: For CMS Creamotion, consider disabling access to the ` administration/securite.php` and ` administration/gestion configurations/save config.php` endpoints until a patch is available. Avoid using the `cfg[document uri]` parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ELSEIF CMS version 0.6 Description: The issue allows remote attackers to obtain sensitive information, specifically the full path, via unspecified vectors to the "utilisateurs/votesresultats.php" endpoint. Recommendations: For ELSEIF CMS version 0.6, consider restricting access to the "utilisateurs/votesresultats.php" endpoint until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: TorrentTrader Classic version 1.07 Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This is possible via the `color` parameter to "pjirc/css.php" and the `cat` parameter to "browse.php". Recommendations: For TorrentTrader Classic version 1.07, consider disabling access to the "pjirc/css.php" and "browse.php" scripts until a patch is available, or restrict the `color` and `cat` parameters to prevent malicious input.

Name of the Vulnerable Software and Affected Versions: IDMOS version 1.0-beta Description: The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the `err msg` parameter to "error.php" or the `content` parameter to "templates/simple/ia.php". Recommendations: For IDMOS version 1.0-beta, consider restricting access to the "error.php" and "ia.php" scripts until a patch is available. As a temporary workaround, avoid using the `err msg` and `content` parameters in the affected API endpoints.

Name of the Vulnerable Software and Affected Versions: TorrentTrader Classic Edition version 1.07 Description: A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `ss uri` parameter. Recommendations: For TorrentTrader Classic Edition version 1.07, consider restricting access to the `backend/admin-functions.php` file until a patch is available. As a temporary workaround, avoid using the `ss uri` parameter with untrusted input to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: IDMOS version 1.0-beta Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `site absolute path` parameter in the core/aural.php file. Recommendations: For IDMOS version 1.0-beta, avoid using the `site absolute path` parameter in the core/aural.php file until a fix is available. Consider restricting access to the core/aural.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: ELSEIF CMS version Beta 0.6 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in several parameters, including the `contenus` parameter to `contenus.php`, the `tpelseifportalrepertoire` parameter to multiple files such as `votes.php`, `espaceperso.php`, `enregistrement.php`, `commentaire.php`, and `coeurusr.php` in the `utilisateurs/` directory, as well as `articles/fonctions.php` and `depot/fonctions.php` in the `moduleajouter/` directory. Additionally, the `corpsdesign` parameter in `articles/usrarticles.php` and `depot/usrdepot.php` in `moduleajouter/` is vulnerable. This could potentially lead to the execution of arbitrary code. Recommendations: For ELSEIF CMS version Beta 0.6, consider disabling the `contenus.php`, `votes.php`, `espaceperso.php`, `enregistrement.php`, `commentaire.php`, `coeurusr.php`, `articles/fonctions.php`, `depot/fonctions.php`, `articles/usrarticles.php`, and `depot/usrdepot.php` files until a patch is available. Restrict access to the `utilisateurs/` and `moduleajouter/` directories to minimize the risk of exploitation. Avoid using the `contenus`, `tpelseifportalrepertoire`, and `corpsdesign` parameters in the affected files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Extreme PHPBB2 version 3.0 Pre Final **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `phpbb root path` parameter to (1) functions.php or (2) functions portal.php in includes/. **Recommendations** For Extreme PHPBB2 version 3.0 Pre Final, consider restricting access to the `functions.php` and `functions portal.php` files in the includes/ directory to minimize the risk of exploitation. Avoid using the `phpbb root path` parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** MyBB (affected versions not specified) **Description** The issue allows remote authenticated users to change the password of any account by exploiting a flaw in the debug mode of MyBB. Specifically, when debug mode is available, providing the account's registered e-mail address in a debug request for a do lostpw action prints the change password verification code in the debug output. This enables attackers to obtain the necessary information to reset passwords without authorization. **Recommendations** For MyBB, consider disabling the debug mode to prevent exploitation of this issue. As a temporary workaround, restrict access to the debug functionality to minimize the risk of unauthorized password changes. Avoid using the debug mode for do lostpw actions until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Magic News Plus version 1.0.2 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `php script path` parameter in the preview.php file. **Recommendations** For Magic News Plus version 1.0.2, consider restricting access to the `preview.php` file until a patch is available, and avoid using the `php script path` parameter in this file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Magic News Plus version 1.0.2 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `link parameters` parameter in the "/news.php" and "/n layouts.php" API endpoints. **Recommendations** For Magic News Plus version 1.0.2, avoid using the `link parameters` parameter in the affected API endpoints until the issue is resolved. As a temporary workaround, consider restricting access to the "/news.php" and "/n layouts.php" endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BLOG:CMS versions 4.1.3 and earlier **Description** A remote file inclusion issue allows attackers to execute arbitrary PHP code via a URL in the `DIR ADMIN` parameter. This affects the NP UserSharing.php file in the admin/plugins directory. **Recommendations** For BLOG:CMS versions 4.1.3 and earlier, update to a version later than 4.1.3 to resolve the issue. As a temporary workaround, consider restricting access to the NP UserSharing.php file in the admin/plugins directory to minimize the risk of exploitation. Avoid using the `DIR ADMIN` parameter in the affected URL until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Free Web Publishing System (FreeWPS) versions 2.11 and earlier **Description** The issue concerns an unrestricted file upload vulnerability in the upload.php file, which allows remote attackers to upload and execute arbitrary PHP programs. **Recommendations** For Free Web Publishing System (FreeWPS) versions 2.11 and earlier, consider restricting access to the upload.php file until a patch is available. As a temporary workaround, disable the execution of uploaded files to prevent arbitrary PHP code execution.

**Name of the Vulnerable Software and Affected Versions** UBB.threads version 6.5.1.1 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `GLOBALS[thispath]` or `GLOBALS[configdir]` parameter in the ubbt.inc.php file. **Recommendations** For version 6.5.1.1, consider restricting access to the ubbt.inc.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the `GLOBALS[thispath]` and `GLOBALS[configdir]` parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Groupee UBB.threads version 6.5.1.1 **Description** The issue concerns multiple direct static code injection vulnerabilities. These vulnerabilities allow remote attackers to inject PHP code via specific parameters, including the `theme[]` array parameter to "admin/doedittheme.php", which is then injected into "includes/theme.inc.php", and the `config[]` array parameter to "admin/doeditconfig.php", with execution via "includes/config.inc.php". Additionally, attackers can inject a reference to PHP code via a URL in the `config[path]` parameter and execute it through various scripts, including "dorateuser.php" and "calendar.php". **Recommendations** For Groupee UBB.threads version 6.5.1.1, consider disabling access to the "admin/doedittheme.php" and "admin/doeditconfig.php" scripts until a patch is available. Restrict the use of the `theme[]` and `config[]` array parameters to minimize the risk of exploitation. Avoid using the `config[path]` parameter with untrusted input in scripts like "dorateuser.php" and "calendar.php" to prevent code execution.

**Name of the Vulnerable Software and Affected Versions** Devellion CubeCart versions 2.0.x **Description** The issue allows remote attackers to obtain sensitive information via a direct request for certain files, which reveals the path in various error messages. Specifically, this can be done through requests for `link navi.php` or `spotlight.php`. **Recommendations** For Devellion CubeCart versions 2.0.x, consider restricting access to the `link navi.php` and `spotlight.php` files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Devellion CubeCart versions 2.0.x **Description** The issue allows remote attackers to inject arbitrary web script or HTML via various parameters in different files, including `order id` in "admin/print order.php" and "view order.php", `site url` and `la search home` in "admin/nav.php", `image` in "admin/image.php", `site name`, `la adm header`, `charset` in "admin/header.inc.php", `la pow by` in "footer.inc.php", and `site name` in "header.inc.php". **Recommendations** For Devellion CubeCart versions 2.0.x, consider disabling the affected parameters, such as `order id`, `site url`, `la search home`, `image`, `site name`, `la adm header`, `charset`, and `la pow by`, until a patch is available. Restrict access to the vulnerable files, including "admin/print order.php", "view order.php", "admin/nav.php", "admin/image.php", "admin/header.inc.php", "footer.inc.php", and "header.inc.php", to minimize the risk of exploitation. Avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Groupee UBB.threads version 6.5.1.1 **Description** The issue allows remote attackers to obtain sensitive information via a direct request for "cron/php/subscriptions.php", which reveals the path in an error message. **Recommendations** For version 6.5.1.1, consider restricting access to the "cron/php/subscriptions.php" endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using this endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** vBulletin versions 2.x **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `templatesused` parameter in the global.php file. **Recommendations** For vBulletin versions 2.x, update to a version that includes a fix for this issue, as using the `templatesused` parameter can lead to arbitrary SQL command execution.