Kmkz_Security

**Name of the Vulnerable Software and Affected Versions** T24 in TEMENOS Channels version R15.01 **Description** An issue was discovered where the login page presents JavaScript functions to access a document on the server once successfully authenticated. However, an attacker can leverage the `downloadDocServer()` function to traverse the file system and access files or directories that are outside of the restricted directory. This is possible because `WealthT24/GetImage` is used with the `docDownloadPath` and `uploadLocation` parameters. **Recommendations** For T24 in TEMENOS Channels version R15.01, consider restricting access to the `downloadDocServer()` function until a patch is available. Additionally, restrict the use of the `docDownloadPath` and `uploadLocation` parameters in the `WealthT24/GetImage` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Publisure version 2.1.2 **Description** An issue in the secure portal of Publisure allows an authenticated administrator to inject arbitrary PHP code using the adminCons.php form. The injected code is stored in the E:PUBLISUREwebservicewebpagesAdminDirTemplates folder, and it remains even if removed from the adminCons.php view, potentially allowing the rogue PHP file to be hidden. **Recommendations** For Publisure version 2.1.2, consider restricting access to the adminCons.php form to prevent arbitrary PHP code injection until a patch is available. As a temporary workaround, monitor and regularly clean up the E:PUBLISUREwebservicewebpagesAdminDirTemplates folder to remove any potentially malicious PHP files.

**Name of the Vulnerable Software and Affected Versions** Publisure version 2.1.2 **Description** An issue in the servlet controller of the secure portal allows authentication bypass, enabling unauthorized queries on PHP forms within the /AdminDir folder, which should be restricted. **Recommendations** For Publisure version 2.1.2, consider restricting access to the /AdminDir folder and its PHP forms until a patch is available. As a temporary workaround, review and strengthen authentication mechanisms to prevent bypass attempts.

**Name of the Vulnerable Software and Affected Versions** Publisure version 2.1.2 **Description** An issue in the secure portal of Publisure allows for SQL injections due to poorly sanitized SQL queries in the `userAccFunctions.php` file. This enables an attacker to access passwords and potentially grant access to the user account, escalating privileges to become an Administrator. **Recommendations** For Publisure version 2.1.2, consider temporarily disabling the `userAccFunctions.php` file or restricting its use until a patch is available to prevent SQL injection attacks. Additionally, ensure that all SQL queries are properly sanitized to prevent such injections. At the moment, there is no information about a newer version that contains a fix for this vulnerability.