Otmorozok428

Name of the Vulnerable Software and Affected Versions: CMS Ortus versions 1.13 and earlier Description: The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved by exploiting the `city` parameter in a `users edit pub` action to the "index.php" endpoint. Recommendations: For CMS Ortus versions 1.13 and earlier, avoid using the `city` parameter in the "index.php" endpoint until a fix is available. As a temporary workaround, consider restricting access to the `users edit pub` action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WSN Forum versions 4.1.43 and earlier Gallery versions 4.1.30 and earlier Knowledge Base (WSNKB) versions 4.1.36 and earlier Links versions 4.1.44 and earlier Classifieds versions prior to 4.1.30 **Description** A directory traversal issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `TID` parameter. This can be exploited by uploading a file, such as a .jpg file, containing PHP sequences. **Recommendations** For WSN Forum versions 4.1.43 and earlier, update to a version later than 4.1.43. For Gallery versions 4.1.30 and earlier, update to a version later than 4.1.30. For Knowledge Base (WSNKB) versions 4.1.36 and earlier, update to a version later than 4.1.36. For Links versions 4.1.44 and earlier, update to a version later than 4.1.44. For Classifieds versions prior to 4.1.30, update to version 4.1.30 or later. As a temporary workaround, consider restricting access to the `TID` parameter in the affected `index.php` file until a patch is available.