The_Storm

**Name of the Vulnerable Software and Affected Versions** Vessio NetBill version 1.2 **Description** The issue allows remote attackers to inject arbitrary web script or HTML, which can lead to cross-site scripting (XSS) attacks. This is possible via the full name or file title to accounts/admin/index.php, or the comment parameter in the support page to accounts/index2.php. API Endpoints: "accounts/admin/index.php" and "accounts/index2.php" are affected. Vulnerable Parameters or Variables: `full name`, `file title`, and `comment` are vulnerable. **Recommendations** For Vessio NetBill version 1.2, consider validating and sanitizing user input for the `full name`, `file title`, and `comment` parameters to prevent arbitrary web script or HTML injection. As a temporary workaround, restrict access to the "accounts/admin/index.php" and "accounts/index2.php" API endpoints until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Vessio NetBill version 1.2 **Description** A cross-site request forgery (CSRF) issue exists, allowing remote attackers to hijack the authentication of administrators for requests that add accounts via a new-client action. This occurs in the accounts/admin/index.php file. **Recommendations** For Vessio NetBill version 1.2, consider implementing CSRF protection mechanisms, such as token-based validation, to prevent unauthorized requests. As a temporary workaround, restrict access to the accounts/admin/index.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NetArt Media Car Portal version 3.0 **Description** The issue allows remote attackers to hijack the authentication of administrators for various requests. This can be achieved through multiple cross-site request forgery (CSRF) vulnerabilities. Specifically, attackers can change arbitrary user passwords via a `nouveau` action in the security module to "cars/ADMIN/index.php", create a user or create a sub-user via a `sub accounts` action in the home module to "USERS/index.php", or change profile information via an `edit` action in the profile module to "USERS/index.php". **Recommendations** For NetArt Media Car Portal version 3.0, consider disabling the `nouveau` action in the security module, the `sub accounts` action in the home module, and the `edit` action in the profile module as a temporary workaround until a patch is available. Restrict access to the affected modules to minimize the risk of exploitation. Avoid using the affected actions in the respective modules until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NetArt Media Car Portal version 3.0 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via several fields, including the `PWRS` field, `Description` field when posting a new vehicle, `news title` when creating news, `Name` when creating a sub user, `group name` when creating a group, or `dealer name`, `first name`, or `last name` when changing a profile. **Recommendations** For NetArt Media Car Portal version 3.0, update the software to a version that includes fixes for the cross-site scripting vulnerabilities. As a temporary workaround, consider restricting user input for the `PWRS`, `Description`, `news title`, `Name`, `group name`, `dealer name`, `first name`, and `last name` fields to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NetArt Media Car Portal version 3.0 **Description** The issue allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension. This can be achieved by uploading a file such as `.php%00.jpg`. **Recommendations** For NetArt Media Car Portal version 3.0, consider restricting file uploads to only allow specific, safe extensions to prevent the execution of arbitrary PHP code. As a temporary workaround, consider disabling file upload functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SAMEDIA LandShop version 0.9.2 **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that change account settings. This can lead to unauthorized changes to account settings. **Recommendations** For SAMEDIA LandShop version 0.9.2, update to a version that includes a fix for this issue, as using this version poses a significant risk due to the potential for account setting changes by unauthorized parties. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SAMEDIA LandShop version 0.9.2 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `OTR HEADS[]` parameter in an edit action on the "admin/action/objects.php" endpoint. **Recommendations** For SAMEDIA LandShop version 0.9.2, avoid using the `OTR HEADS[]` parameter in the edit action on the "admin/action/objects.php" endpoint until a fix is available. Consider restricting access to this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SAMEDIA LandShop version 0.9.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `OB ID` parameter in a single action to "admin/action/objects.php", the `AREA ID` parameter in a single action to "admin/action/areas.php", or the `start` parameter in a show action to "admin/action/pdf.php". **Recommendations** For SAMEDIA LandShop version 0.9.2, consider restricting access to the vulnerable API endpoints "admin/action/objects.php", "admin/action/areas.php", and "admin/action/pdf.php" to minimize the risk of exploitation. Avoid using the parameters `OB ID`, `AREA ID`, and `start` in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** b2evolution version 4.1.3 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `root` parameter in the `/blogs/htsrv/viewfile.php` API endpoint. **Recommendations** For version 4.1.3, consider restricting access to the `/blogs/htsrv/viewfile.php` endpoint until a patch is available. As a temporary workaround, avoid using the `root` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** b2evolution version 4.1.3 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the message body in blogs/blog1.php. **Recommendations** For version 4.1.3, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting user input in the message body to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FlatnuX CMS versions 2011 08.09.2 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML via a comment to the news, title to the news, or the folder names in a gallery. **Recommendations** For FlatnuX CMS versions 2011 08.09.2 and earlier, update to a version later than 2011 08.09.2 to resolve the issue. As a temporary workaround, consider restricting user input for comments, news titles, and gallery folder names to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FlatnuX CMS versions 2011 08.09.2 and earlier **Description** A cross-site request forgery issue allows remote attackers to hijack the authentication of administrators for requests that add user accounts. **Recommendations** For FlatnuX CMS versions 2011 08.09.2 and earlier, as a temporary workaround, consider restricting access to the controlcenter.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FlatnuX CMS version 2011 08.09.2 **Description** The issue allows remote administrators to read arbitrary files via a full pathname in the `dir` parameter in a "contents/Files" action. This is due to an absolute path traversal vulnerability in the controlcenter.php file. **Recommendations** For FlatnuX CMS version 2011 08.09.2, as a temporary workaround, consider restricting access to the `dir` parameter in the controlcenter.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Travelon Express version 6.2.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several API endpoints, including "holiday.php" and "holiday book.php" using the `hid` parameter, "pages.php" using the `id` parameter, "admin/airline-edit.php" using the `fid` parameter, and "admin/customer-edit.php" using the `cid` parameter. **Recommendations** For Travelon Express version 6.2.2, consider restricting access to the vulnerable API endpoints "holiday.php", "holiday book.php", "pages.php", "admin/airline-edit.php", and "admin/customer-edit.php" to minimize the risk of exploitation. Avoid using the parameters `hid`, `id`, `fid`, and `cid` in the respective affected endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Free Realty versions 3.1-0.6 **Description** The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow remote attackers to hijack the authentication of administrators for specific requests, including adding an agent via an `addagent` action or modifying an agent. **Recommendations** For Free Realty versions 3.1-0.6, as a temporary workaround, consider restricting access to the `admin/agenteditor.php` file until a patch is available. Avoid using the `addagent` action in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Free Realty versions 3.1-0.6 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `view` parameter to "agentdisplay.php" or the `edit` parameter to "admin/admin.php". **Recommendations** For Free Realty versions 3.1-0.6, consider restricting access to the "agentdisplay.php" and "admin/admin.php" scripts until a patch is available. As a temporary workaround, avoid using the `view` and `edit` parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Free Realty versions 3.1-0.6 **Description** The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via several parameters, including `notes` to "admin/agenteditor.php", `title`, `previewdesc`, `fulldesc`, or `notes` to "agentadmin.php", or in an "addlisting" action to "agentadmin.php". Additionally, there are unspecified vectors to "admin/adminfeatures.php". **Recommendations** For Free Realty versions 3.1-0.6, as a temporary workaround, consider restricting access to the vulnerable parameters `notes`, `title`, `previewdesc`, `fulldesc` in the affected API endpoints until a patch is available. Avoid using these parameters in "admin/agenteditor.php", "agentadmin.php", or "admin/adminfeatures.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Travelon Express version 6.2.2 **Description** The issue allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using specific API endpoints, such as "airline-edit.php", "hotel-image-add.php", or "hotel-add.php". **Recommendations** For Travelon Express version 6.2.2, consider restricting access to the `airline-edit.php`, `hotel-image-add.php`, and `hotel-add.php` endpoints to prevent exploitation until a fix is available. Additionally, restrict the upload of files with executable extensions to minimize the risk of arbitrary code execution.

**Name of the Vulnerable Software and Affected Versions** Travelon Express version 6.2.2 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `holiday name` field to API endpoints such as "holiday add.php" or "holiday view.php". **Recommendations** For Travelon Express version 6.2.2, as a temporary workaround, consider restricting access to the "holiday add.php" and "holiday view.php" API endpoints until a patch is available. Avoid using the `holiday name` field in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.