Lorexxar

**Nome do Software Vulnerável e Versões Afetadas** Versões do Cacti anteriores à 1.2.29 **Descrição** O Cacti é um framework de gerenciamento de desempenho e falhas de código aberto. Possui uma vulnerabilidade de injeção de SQL na função `get discovery results` do arquivo `automation devices.php` através do parâmetro `network`. Esta vulnerabilidade pode permitir que um atacante remoto execute código arbitrário. **Recomendações** Para versões anteriores à 1.2.29, atualize para a versão 1.2.29 ou superior para resolver o problema. Como solução temporária, considere restringir o acesso ao arquivo `automation devices.php` ou desativar a função `get discovery results` até que um patch esteja disponível. Evite utilizar o parâmetro `network` no endpoint da API afetado até que o problema seja resolvido.

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 1.2.29 **Description** Cacti is an open source performance and fault management framework. It has a SQL injection vulnerability in the template function of host templates.php using the `graph template` parameter. This issue allows a remote attacker to execute arbitrary code due to inadequate protection of the SQL query structure. **Recommendations** For versions prior to 1.2.29, update to version 1.2.29 or later to resolve the issue. As a temporary workaround, consider restricting access to the `host templates.php` template function until a patch is available. Avoid using the `graph template` parameter in the affected template function until the issue is resolved.

**Nome do software vulnerável e versões afetadas** Versões do Roundcube anteriores à 4.4 **Descrição** O problema está relacionado à falta de proteção na estrutura da página da web, permitindo que um invasor remoto comprometa a integridade dos dados. Trata-se de uma vulnerabilidade de Cross Site Scripting (XSS), na qual um invasor pode explorar a vulnerabilidade por meio do host e do usuário do banco de dados no endpoint /installer/test.php. **Recomendações** Para versões anteriores à 4.4, atualize para a versão 4.4 ou posterior para resolver o problema. Como solução temporária, considere restringir o acesso ao endpoint /installer/test.php até que um patch esteja disponível.

**Nome do software vulnerável e versões afetadas** Versões do Roundcube Webmail anteriores à 1.3.12 Versões do Roundcube Webmail 1.4.x anteriores à 1.4.5 **Descrição** O problema está relacionado a medidas de proteção insuficientes para as estruturas das páginas da web no Roundcube Webmail, permitindo que um invasor remoto comprometa a integridade dos dados. O problema está especificamente no objeto de modelo `username` em `include/rcmail output html.php`, o que permite ataques XSS. **Recomendações** Para versões do Roundcube Webmail anteriores à 1.3.12, atualize para a versão 1.3.12 ou posterior. Para versões do Roundcube Webmail 1.4.x anteriores à 1.4.5, atualize para a versão 1.4.5 ou posterior. Como solução temporária, considere restringir o acesso ao arquivo `include/rcmail output html.php` até que um patch esteja disponível. Evite usar o objeto de modelo `username` nos pontos de extremidade da API afetados até que o problema seja resolvido.

**Nome do software vulnerável e versões afetadas** Versões do Roundcube Webmail anteriores à 1.3.12 Versões do Roundcube Webmail 1.4.x anteriores à 1.4.5 **Descrição** O problema está relacionado a medidas de proteção insuficientes para as estruturas das páginas da web no Roundcube Webmail, permitindo que um invasor remoto comprometa a integridade dos dados. Existe uma vulnerabilidade de Cross-Site Scripting (XSS) por meio de um anexo XML malicioso, já que o formato text/xml está entre os tipos permitidos para visualização. **Recomendações** Para versões anteriores à 1.3.12, atualize para a versão 1.3.12 ou posterior. Para versões 1.4.x anteriores à 1.4.5, atualize para a versão 1.4.5 ou posterior. Como solução temporária, considere restringir os tipos permitidos para visualização, excluindo text/xml, até que um patch esteja disponível.

**Name of the Vulnerable Software and Affected Versions** UpdraftPlus plugin versions 1.13.12 and earlier **Description** The issue allows remote PHP code execution due to a race condition in the `plupload action` function before deleting a file associated with the `name` parameter in `/wp-content/plugins/updraftplus/admin.php`. The vendor reports that this does not cross a privilege boundary. **Recommendations** For UpdraftPlus plugin versions 1.13.12 and earlier, update to a version later than 1.13.12 to resolve the issue. As a temporary workaround, consider restricting access to the `plupload action` function in `/wp-content/plugins/updraftplus/admin.php` to minimize the risk of exploitation. Avoid using the `name` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** UpdraftPlus plugin versions 1.13.12 and earlier **Description** The issue concerns a Server-Side Request Forgery (SSRF) in the `updraft ajax handler` function, located in `/wp-content/plugins/updraftplus/admin.php`, which can be exploited via an `httpget` subaction. The vendor has noted that this issue does not cross a privilege boundary. **Recommendations** For versions 1.13.12 and earlier, consider disabling the `updraft ajax handler` function as a temporary workaround until a patch is available. Restrict access to the `/wp-content/plugins/updraftplus/admin.php` file to minimize the risk of exploitation. Avoid using the `httpget` subaction in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FineCms versions through 5.0.10 **Description** The issue concerns a Cross Site Scripting (XSS) problem. It is located in the controllers/api.php file via the function parameter in a "c=api&m=data2" request. **Recommendations** For versions through 5.0.10, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** FineCms version 5.0.9 **Description** The issue concerns remote PHP code execution via the `param` parameter in an "action=cache" request to "libraries/Template.php", which is an example of Eval Injection. **Recommendations** For FineCms version 5.0.9, consider restricting access to the "libraries/Template.php" file to minimize the risk of exploitation, and avoid using the `param` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** dayrui FineCms version 5.0.9 **Description** The issue concerns a Cross Site Scripting (XSS) problem. It occurs in the admin/Login.php file when a specific payload is entered into the `username` field, provided the payload does not start with a '<' character. **Recommendations** For dayrui FineCms version 5.0.9, as a temporary workaround, consider validating and sanitizing user input in the `username` field to prevent XSS attacks. Restrict access to the admin/Login.php file until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** FineCms version 5.0.9 **Description** The issue concerns a SQL Injection flaw. It can be exploited via the `num` parameter in requests to "libraries/Template.php" with either "action=related" or "action=tags". **Recommendations** For FineCms version 5.0.9, avoid using the `num` parameter in the affected API endpoint until the issue is resolved. Consider restricting access to the "libraries/Template.php" file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FineCms version 5.0.9 **Description** The issue is related to SQL Injection, which can be exploited via the `catid` parameter in an "action=related" request to the "libraries/Template.php" endpoint. **Recommendations** For FineCms version 5.0.9, avoid using the `catid` parameter in the affected API endpoint until the issue is resolved. Consider restricting access to the "libraries/Template.php" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FineCms version 5.0.9 **Description** The issue concerns a SQL Injection flaw. It can be exploited via the `field` parameter in requests to "libraries/Template.php" with specific actions such as "module", "member", "form", or "related". **Recommendations** For FineCms version 5.0.9, avoid using the `field` parameter in the affected API endpoint until the issue is resolved. Consider restricting access to the "libraries/Template.php" file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dayrui FineCms version 5.0.9 **Description** The issue concerns URL Redirector Abuse via the `url` parameter in a sync action, related to the controllers/Weixin.php file. **Recommendations** For dayrui FineCms version 5.0.9, consider restricting access to the `url` parameter in the sync action to minimize the risk of exploitation. Avoid using the `url` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FineCMS through 2017-07-12 **Description** The issue allows for XSS in visitors.php due to the lack of restriction on JavaScript in visited URLs, both during logging and when reading logs. **Recommendations** For FineCMS through 2017-07-12, restrict JavaScript in visited URLs during logging and when reading logs to prevent XSS exploitation.

**Name of the Vulnerable Software and Affected Versions** FineCMS through 2017-07-12 **Description** The issue allows remote authenticated admins to conduct XSS attacks by uploading an image via a route=images action in the application/core/controller/images.php file. **Recommendations** For FineCMS through 2017-07-12, consider restricting image upload capabilities for authenticated admins until a fix is available. As a temporary workaround, avoid using the image upload feature via the route=images action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FineCMS versions prior to 2017-07-12 **Description** A SQL Injection issue exists via the `visitor ip` parameter in the application/core/controller/excludes.php file. **Recommendations** For FineCMS versions prior to 2017-07-12, avoid using the `visitor ip` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FineCMS versions prior to 2017-07-12 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `folder`, `id`, or `name` parameter in the `/application/lib/ajax/get image.php` API endpoint. **Recommendations** For versions prior to 2017-07-12, as a temporary workaround, consider restricting access to the `/application/lib/ajax/get image.php` endpoint until a patch is available. Avoid using the `folder`, `id`, or `name` parameters in this endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WP Statistics plugin versions prior to 12.0.10 **Description** The issue concerns a security problem where an attacker can execute malicious scripts. This is possible due to improper validation of user input in the `rangestart` and `rangeend` parameters on the "wps referrers page" page. **Recommendations** For WP Statistics plugin versions prior to 12.0.10, update to version 12.0.10 or later to resolve the issue.