Kevin Locati

Name of the Vulnerable Software and Affected Versions: Dolibarr versions prior to 7.0.2 Description: The issue allows remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads in the admin panel. Recommendations: For versions prior to 7.0.2, update to version 7.0.2 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Dolibarr versions prior to 7.0.2 Description: The issue allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes. Recommendations: For versions prior to 7.0.2, update to version 7.0.2 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Dolibarr versions prior to 7.0.2 Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `foruserlogin` parameter to "adherents/cartes/carte.php". Recommendations: For versions prior to 7.0.2, update to version 7.0.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Grav CMS versions prior to 1.3.0 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the PATH INFO to the "admin/tools" endpoint. This is due to a vulnerability in the system/src/Grav/Common/Twig/Twig.php file. **Recommendations** For Grav CMS versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "admin/tools" endpoint until a patch is available. Avoid using the PATH INFO to inject arbitrary data into the admin/tools endpoint until the issue is resolved.