L. Weichselbaum

**Name of the Vulnerable Software and Affected Versions** LetoDMS (formerly MyDMS) versions 1.7.2 and earlier **Description** The issue allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the `lang` parameter. This can lead to a disruption of confidentiality, integrity, and availability of protected information. The exploitation can be carried out by a remote attacker who has passed the authentication procedure. **Recommendations** For LetoDMS versions 1.7.2 and earlier, consider restricting access to the `op/op.Login.php` file until a patch is available. As a temporary workaround, avoid using the `lang` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sitecore Staging Module versions 5.4.0 rev.080625 and earlier **Description** The issue allows remote attackers to bypass authentication in the Staging Webservice, enabling them to upload files, download files, list directories, and clear the server cache via crafted SOAP requests. This is possibly related to a direct request, and attackers can use arbitrary `Username` and `Password` values. **Recommendations** For Sitecore Staging Module versions 5.4.0 rev.080625 and earlier, consider disabling the Staging Webservice until a patch is available to prevent exploitation. Restrict access to the `api.asmx` endpoint to minimize the risk of unauthorized file uploads, downloads, directory listings, and server cache clearance. Avoid using arbitrary `Username` and `Password` values in SOAP requests to the affected service.