Skalvin

**Nome do Software Vulnerável e Versões Afetadas** Versões do Wisencode anteriores a 20251013 **Descrição** Existe uma falha de segurança no Wisencode até a versão 20251012. Este problema afeta uma funcionalidade desconhecida dentro do componente Create Support Ticket Handler, especificamente o arquivo `/support-ticket/create`. A manipulação do argumento `Message` pode resultar em cross-site scripting. O ataque pode ser iniciado remotamente. O fornecedor foi contatado sobre este problema, mas não respondeu. **Recomendações** Atualize o Wisencode para uma versão posterior a 20251012. Evite utilizar o parâmetro `Message` no endpoint `/support-ticket/create` até que o problema seja resolvido.

**Nome do Software Vulnerável e Versões Afetadas** abhicodebox ModernShop versão 20250922 **Descrição** Existe uma falha no processamento do arquivo `/search` no abhicodebox ModernShop. A manipulação do argumento `q` pode levar a cross-site scripting, permitindo potencialmente ataques remotos. O exploit para esta falha foi publicado. **Recomendações** Atualmente, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Nome do Software Vulnerável e Versões Afetadas** JoomlaUX JUX Real Estate versão 3.4.0 **Descrição** Uma falha crítica foi identificada no processamento do arquivo /extensions/realestate/index.php/properties/list/list-with-sidebar/realties do componente GET Parameter Handler. A manipulação do argumento `title` resulta em injeção de SQL. Esta falha pode ser explorada remotamente. **Recomendações** Para o JoomlaUX JUX Real Estate versão 3.4.0, como medida temporária, considere restringir o acesso ao endpoint `index.php/properties/list/list-with-sidebar/realties` até que uma correção esteja disponível. Evite utilizar o argumento `title` neste endpoint para minimizar o risco de exploração. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Nome do Software Vulnerável e Versões Afetadas** JoomlaUX JUX Real Estate versão 3.4.0 **Descrição** Foi identificada uma vulnerabilidade no software, afetando uma função desconhecida do arquivo /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. A manipulação do argumento `Itemid/jp yearbuilt` resulta em cross-site scripting. Esta vulnerabilidade pode ser explorada remotamente. **Recomendações** Para o JoomlaUX JUX Real Estate versão 3.4.0, como medida temporária, considere restringir o acesso ao endpoint `/extensions/realestate/index.php/properties/list/list-with-sidebar/realties` para minimizar o risco de exploração. Evite utilizar o argumento `Itemid/jp yearbuilt` neste endpoint até que a vulnerabilidade seja resolvida. Atualmente, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Versões do EnvaySoft FleetCart até a 4.1.1 **Descrição** Foi identificada uma vulnerabilidade no EnvaySoft FleetCart que permite a divulgação de informações por meio da manipulação do argumento `razorpayKeyId`. O ataque pode ser executado remotamente, afetando uma funcionalidade ainda não identificada. Recomenda-se atualizar o componente afetado para proteger os dados. **Recomendações** Para as versões do EnvaySoft FleetCart até a 4.1.1, recomenda-se atualizar o componente afetado para uma versão mais recente que contenha uma correção para este problema. Como solução temporária, considere restringir o uso do argumento `razorpayKeyId` para minimizar o risco de exploração.

**Nome do software vulnerável e versões afetadas** osCommerce versão 4 **Descrição** Foi detectada uma falha no osCommerce que afeta uma função desconhecida do arquivo /catalog/all-products. A manipulação do argumento `cat` leva a um ataque de cross-site scripting. É possível lançar o ataque remotamente. A vulnerabilidade já foi divulgada ao público e pode estar sendo explorada. **Recomendações** Para o osCommerce versão 4, considere desativar o acesso ao arquivo /catalog/all-products até que um patch esteja disponível. Restrinja o uso do argumento `cat` no arquivo afetado para minimizar o risco de exploração. No momento, não há informações sobre uma versão mais recente que contenha uma correção para este problema.

**Name of the Vulnerable Software and Affected Versions** osCommerce 4 (affected versions not specified) **Description** A critical issue has been found in osCommerce 4, affecting some unknown functionality of the file /b2b-supermarket/shopping-cart of the component POST Parameter Handler. The manipulation of the argument `estimate[country id]` leads to sql injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** osCommerce version 4 **Description** A problematic issue was found in osCommerce, affecting some unknown functionality of the file /catalog/compare of the component Instant Message Handler. The manipulation of the `compare` argument with a malicious input leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For osCommerce version 4, as a temporary workaround, consider restricting access to the /catalog/compare endpoint until a patch is available. Avoid using the `compare` argument in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QDocs Smart School version 6.4.1 **Description** A critical issue has been found in QDocs Smart School. This issue affects the /course/filterRecords/ file of the HTTP POST Request Handler component. The manipulation of the `searchdata[0][title]`, `searchdata[0][searchfield]`, and `searchdata[0][searchvalue]` arguments leads to SQL injection. It is possible to initiate the attack remotely. The vendor was contacted about this disclosure but did not respond. **Recommendations** For QDocs Smart School version 6.4.1, as a temporary workaround, consider restricting access to the /course/filterRecords/ endpoint until a patch is available. Avoid using the `searchdata[0][title]`, `searchdata[0][searchfield]`, and `searchdata[0][searchvalue]` arguments in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** infinitietech taskhub version 2.8.7 **Description** A critical issue has been found in the GET Parameter Handler component, specifically affecting the /home/get tasks list file. The manipulation of the `project/status/user id/sort/search` argument leads to SQL injection. **Recommendations** For infinitietech taskhub version 2.8.7, consider restricting access to the `project/status/user id/sort/search` argument in the GET Parameter Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Academy LMS version 6.2 **Description** A critical issue affects some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the arguments `price min` and `price max` leads to SQL injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond. **Recommendations** For Academy LMS version 6.2, as a temporary workaround, consider restricting access to the `/academy/tutor/filter` API endpoint until a patch is available. Avoid using the parameters `price min` and `price max` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Academy LMS version 6.2 **Description** A vulnerability was found in the GET Parameter Handler component of Academy LMS, affecting an unknown functionality of the file /academy/tutor/filter. The manipulation of the arguments `searched word`, `searched tution class type[]`, `searched price type[]`, and `searched duration[]` leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For Academy LMS version 6.2, consider restricting access to the vulnerable GET Parameter Handler component until a patch is available. As a temporary workaround, avoid using the arguments `searched word`, `searched tution class type[]`, `searched price type[]`, and `searched duration[]` in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Infosoftbd Clcknshop version 1.0.0 **Description** A vulnerability was found in Infosoftbd Clcknshop, affecting unknown code of the file /collection/all. The manipulation of the argument `q` leads to cross site scripting. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For Infosoftbd Clcknshop version 1.0.0, as a temporary workaround, consider restricting access to the /collection/all file until a patch is available. Avoid using the argument `q` in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PlayTube version 3.0.1 **Description** A vulnerability was found in the component Redirect Handler, which affects some unknown processing and leads to information disclosure. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For PlayTube version 3.0.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Infosoftbd Clcknshop version 1.0.0 **Description** A critical issue affects the processing of the file /collection/all of the component GET Parameter Handler. The manipulation of the `tag` argument leads to sql injection. The attack may be initiated remotely. The vendor was contacted about this disclosure but did not respond. **Recommendations** For Infosoftbd Clcknshop version 1.0.0, as a temporary workaround, consider restricting access to the /collection/all file to minimize the risk of exploitation. Avoid using the `tag` argument in the affected GET Parameter Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SPA-Cart eCommerce CMS version 1.9.0.3 **Description** A vulnerability was found in the SPA-Cart eCommerce CMS, affecting some unknown functionality of the file /search. The manipulation of the arguments `filter[brandid]` and `filter[price]` leads to cross-site scripting. The attack may be launched remotely. **Recommendations** For SPA-Cart eCommerce CMS version 1.9.0.3, consider disabling the /search functionality until a patch is available. Restrict access to the `filter[brandid]` and `filter[price]` arguments in the /search endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SPA-Cart eCommerce CMS version 1.9.0.3 **Description** A critical vulnerability has been found in the GET Parameter Handler component of the /search file. The manipulation of the `filter[brandid]` argument leads to SQL injection. This issue can be initiated remotely. **Recommendations** For version 1.9.0.3, consider disabling the `filter[brandid]` argument in the /search API endpoint until a patch is available. Restrict access to the /search file to minimize the risk of exploitation. Avoid using the `filter[brandid]` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Codecanyon Credit Lite version 1.5.4 **Description** A critical vulnerability was found in the component POST Request Handler, specifically in the file /portal/reports/account statement. The manipulation of the `date1` and `date2` arguments leads to SQL injection. The attack can be launched remotely. **Recommendations** For Codecanyon Credit Lite version 1.5.4, consider disabling the `/portal/reports/account statement` endpoint until a patch is available. Restrict access to the POST Request Handler component to minimize the risk of exploitation. Avoid using the `date1` and `date2` arguments in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** tdevs Hyip Rio version 2.1 **Description** A problematic issue has been found in the Profile Settings component, specifically in the /user/settings file, where the manipulation of the `avatar` argument leads to cross-site scripting. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond. **Recommendations** For version 2.1, as a temporary workaround, consider restricting access to the `avatar` argument in the Profile Settings component until a patch is available. Additionally, restrict access to the /user/settings file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** phpRecDB version 1.3.1 **Description** A vulnerability was found in the file /index.php of phpRecDB, where the manipulation of the argument `r/view` leads to cross-site scripting. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For phpRecDB version 1.3.1, as a temporary workaround, consider restricting access to the `/index.php` file or disabling the manipulation of the `r/view` argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.