Mehmet

**Name of the Vulnerable Software and Affected Versions** imageconverter service (affected versions not specified) **Description** The issue allows requests to cache an image and return its metadata to be abused, including SQL queries that would be executed unchecked. Exploiting this requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the service's database user account. API requests are now properly checked for valid content, and attempts to circumvent this check are being logged as an error. No publicly available exploits are known. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** imageconverter service (affected versions not specified) **Description** The issue allows requests to fetch image metadata to be abused, including SQL queries that would be executed unchecked. This requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the service's database user account. API requests are now properly checked for valid content, and attempts to circumvent this check are being logged as an error. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Imageconverter (affected versions not specified) **Description** The issue arises from Imageconverter API endpoints not sufficiently validating and sanitizing client input, allowing the injection of arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials could read and modify database content accessible to the imageconverter SQL user account. No publicly available exploits are known. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** cacheservice (affected versions not specified) **Description** The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. Attackers with access to a local or restricted network were able to perform arbitrary SQL queries, discovering other users' cached data. Improvements have been made to the input check for API calls and to filter for potentially malicious content. No publicly available exploits are known. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cacheservice (affected versions not specified) **Description** The issue arises from the Cacheservice not correctly checking if relative cache objects point to the defined absolute location when accessing resources. This allows an attacker with access to the database and a local or restricted network to read arbitrary local file system resources accessible by the service's system user account. The problem has been addressed by improving path validation to ensure access is contained within the defined root directory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cacheservice (affected versions not specified) **Description** The issue arises when Cacheservice is configured to use a sproxyd object-storage backend, allowing it to follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network, capable of intercepting and replaying HTTP requests to sproxyd, or in control of the sproxyd service, could perform a server-side request-forgery attack. This would enable the attacker to make Cacheservice connect to unexpected resources. The ability to follow HTTP redirects when connecting to sproxyd resources has been disabled to mitigate this issue. No publicly available exploits are known. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Forminator plugin for WordPress versions up to, and including, 1.24.6 **Description** The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the `upload post image()` function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. The vulnerability affects over 400,000 sites. **Recommendations** For Forminator plugin for WordPress versions up to, and including, 1.24.6: Update to a version later than 1.24.6 to resolve the issue. As a temporary workaround, consider disabling the `upload post image()` function until a patch is available. Restrict access to the upload functionality to minimize the risk of exploitation.