Jbince

**Nome do Software Vulnerável e Versões Afetadas** Mantis Bug Tracker versões anteriores a 2.28.1 **Description** O Mantis Bug Tracker (MantisBT) é um rastreador de problemas de código aberto. Existe uma omissão de autenticação na API SOAP quando executado em bancos de dados da família MySQL devido a uma verificação de tipo incorreta no parâmetro `password`. Isso ocorre porque o MySQL realiza a conversão de tipo implícita de string para inteiro. Um invasor que conheça o nome de usuário de uma vítima pode usar um envelope SOAP manipulado para fazer login na API SOAP sem a senha real e executar qualquer função da API disponível para aquela conta. Isso pode permitir que um invasor faça login como administrador usando a senha "0" para obter acesso total ao projeto. **Recommendations** Atualize para a versão 2.28.1. Como medida paliativa temporária, desabilite a API SOAP para reduzir significativamente o risco, embora isso ainda possa permitir a recuperação de informações da conta do usuário, como endereços de e-mail e nomes reais.

**Name of the Vulnerable Software and Affected Versions** SuiteCRM versions prior to 7.15.1 SuiteCRM versions prior to 8.9.3 **Description** SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Before versions 7.15.1 and 8.9.3, the `action exportCustom` function in `modules/ModuleBuilder/controller.php` does not properly neutralize path traversal sequences in the `modules` and `name` parameters. These parameters are then used in the `exportCustom` function within `modules/ModuleBuilder/MB/MBPackage.php` to construct file paths for reading and writing. This allows a user with access to the ModuleBuilder module, typically an administrator, to create a request that can copy the content of any readable directory on the underlying host into the web root, making it accessible. The `ModuleBuilder` module is present in both major versions 7 and 8, affecting both current major versions. This allows an attacker to copy any readable directory into the web root, potentially exposing sensitive information like system files, including the content of `/etc`, or the web server's root directory, and environment variables. **Recommendations** SuiteCRM versions prior to 7.15.1 should be updated to version 7.15.1 or later. SuiteCRM versions prior to 8.9.3 should be updated to version 8.9.3 or later.

**Name of the Vulnerable Software and Affected Versions** SuiteCRM versions prior to 7.15.1 SuiteCRM versions prior to 8.9.3 **Description** SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the `retrieve()` function in `include/OutboundEmail/OutboundEmail.php` does not properly neutralize the user-controlled `$id` parameter. The function relies on calling functions to sanitize user input, but this is not consistently applied in all locations, specifically through the `EmailUIAjax` action on the `Email()` module. This allows an authenticated user to potentially perform SQL injection through the `retrieve()` function. An attacker could retrieve arbitrary information from the database, including user information and password hashes. The vulnerable code resides in the `retrieve()` function. **Recommendations** SuiteCRM versions prior to 7.15.1 should be updated to version 7.15.1 or later. SuiteCRM versions prior to 8.9.3 should be updated to version 8.9.3 or later.

**Name of the Vulnerable Software and Affected Versions** SuiteCRM versions prior to 8.9.3 **Description** SuiteCRM is a customer relationship management software application. An authenticated API endpoint allows any user to retrieve detailed information about any other user, including their password hash, username, and multi-factor authentication (MFA) configuration. Because any authenticated user can query this endpoint, it is possible to retrieve and potentially crack the passwords of administrative users. The vulnerable API endpoint allows unauthorized access to sensitive user data. **Recommendations** Update to version 8.9.3 or later.