Waraxe

**Nome do software vulnerável e versões afetadas** Versões do OpenCart 1.4.7 a 1.5.5.1 **Descrição** O código anti-traversal implementado no arquivo filemanager.php do OpenCart é ineficaz e pode ser contornado. **Recomendações** Para as versões do OpenCart 1.4.7 a 1.5.5.1, considere restringir o acesso ao arquivo filemanager.php até que uma correção adequada seja aplicada. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 1.5.26 and earlier **Description** A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `Mod` cookie parameter to the "html/modules.php" endpoint. **Recommendations** For versions 1.5.26 and earlier, update to a version later than 1.5.26 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PHP-Fusion versions 7.02.01 through 7.02.05 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `user ID` in a user cookie. **Recommendations** For PHP-Fusion versions 7.02.01 through 7.02.05, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PHP-Fusion versions prior to 7.02.06 **Description** The issue allows remote attackers to execute arbitrary SQL commands via various parameters in different PHP files, including the `orderby` parameter to "downloads.php", and several parameters in "forum/postedit.php", "forum/postnewthread.php", "administration/settings messages.php", "administration/settings photo.php", "administration/bbcodes.php", "administration/news.php", and "administration/articles.php". The vulnerable parameters include `delete attach ` in "forum/postedit.php", `poll opts[]` in "forum/postnewthread.php", `pm email notify`, `pm save sent`, `pm inbox`, `pm sentbox`, and `pm savebox` in "administration/settings messages.php", `thumb compression`, `photo watermark text color1`, `photo watermark text color2`, and `photo watermark text color3` in "administration/settings photo.php", `enable` in "administration/bbcodes.php", `news image`, `news image t1`, and `news image t2` in "administration/news.php", `news id` in "administration/news.php", and `article id` in "administration/articles.php". **Recommendations** For PHP-Fusion versions prior to 7.02.06, update to version 7.02.06 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable parameters and API endpoints until a patch is applied. Avoid using the vulnerable parameters in the affected API endpoints, such as `orderby` in "downloads.php", `delete attach ` in "forum/postedit.php", `poll opts[]` in "forum/postnewthread.php", and others, until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PHP-Fusion versions prior to 7.02.06 **Description** The issue allows remote attackers to obtain sensitive information by requesting a backup file directly. This is possible because backup files are stored with predictable filenames in an unrestricted directory under the web document root, specifically in administration/db backups/. **Recommendations** For versions prior to 7.02.06, update to version 7.02.06 or later to resolve the issue. As a temporary workaround, consider restricting access to the administration/db backups/ directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHP-Fusion versions prior to 7.02.06 **Description** The issue allows remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the `user theme` parameter to "maincore.php". Additionally, remote authenticated administrators can delete arbitrary files via the `enable` parameter to "administration/user fields.php" or the `file` parameter to "administration/db backup.php". **Recommendations** For versions prior to 7.02.06, update to version 7.02.06 or later to resolve the issue. As a temporary workaround, consider restricting access to the `maincore.php`, `administration/user fields.php`, and `administration/db backup.php` files, and avoid using the `user theme`, `enable`, and `file` parameters in these files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PHP-Fusion versions prior to 7.02.06 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via several parameters, including the `highlight` parameter to "forum/viewthread.php", `user list` or `user types` parameters to "messages.php", `message` parameter to "infusions/shoutbox panel/shoutbox admin.php" or "administration/news.php", `panel list` parameter to "administration/panel editor.php", the HTTP User Agent string to "administration/phpinfo.php", the `" BBCODE "` parameter to "administration/bbcodes.php", `errorMessage` parameter to various scripts in the administration directory when the error is 3, or the `body` or `body2` parameters to "administration/articles.php". **Recommendations** For PHP-Fusion versions prior to 7.02.06, update to version 7.02.06 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected parameters and scripts until the update can be applied. Avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** phpMyAdmin versions 3.5.x through 3.5.7 phpMyAdmin versions 4.x through 4.0.0-rc2 **Description** The issue allows remote authenticated users to execute arbitrary code via a `/ex00` sequence. This sequence is not properly handled before making a `preg replace` function call within the "Replace table prefix" feature. **Recommendations** For phpMyAdmin versions 3.5.x through 3.5.7, update to version 3.5.8 or later. For phpMyAdmin versions 4.x through 4.0.0-rc2, update to version 4.0.0-rc3 or later.

**Name of the Vulnerable Software and Affected Versions** NextBBS version 0.6 **Description** The issue allows remote attackers to bypass authentication and gain administrator access. This is achieved by setting the `userkey` cookie to 1, effectively allowing unauthorized access to administrative functions. **Recommendations** For NextBBS version 0.6, update the user authentication mechanism to properly validate the `userkey` cookie and prevent unauthorized access. As a temporary workaround, consider restricting access to administrative functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** NextBBS version 0.6 **Description** The issue concerns SQL injection vulnerabilities in the ajaxserver.php file. These vulnerabilities allow remote attackers to execute arbitrary SQL commands. The vulnerabilities are specifically found in the `curstr` parameter of the `findUsers` function, the `id` parameter of the `isIdAvailable` function, and the `username` parameter of the `getGreetings` function. **Recommendations** For NextBBS version 0.6, as a temporary workaround, consider restricting access to the `ajaxserver.php` file until a patch is available. Avoid using the `curstr`, `id`, and `username` parameters in the affected functions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NextBBS version 0.6 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This is achieved by manipulating the `do` parameter to `index.php`. **Recommendations** For NextBBS version 0.6, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the `index.php` endpoint to minimize the risk of exploitation. Avoid using the `do` parameter in the affected `index.php` endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Coppermine Photo Gallery versions prior to 1.5.20 **Description** The issue allows remote attackers to obtain sensitive information via various invalid parameters to different scripts, which reveals the installation path in an error message. This can be achieved by making a direct request to "plugins/visiblehookpoints/index.php", or by providing an invalid `page` or `cat` parameter to "thumbnails.php", an invalid `page` parameter to "usermgr.php", or an invalid `newer than` or `older than` parameter to "search.inc.php". **Recommendations** For Coppermine Photo Gallery versions prior to 1.5.20, update to version 1.5.20 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Coppermine Photo Gallery versions prior to 1.5.20 **Description** A cross-site scripting (XSS) issue exists, allowing remote authenticated users with certain privileges to inject arbitrary web script or HTML via the `keywords` parameter in the edit one pic.php file. **Recommendations** For versions prior to 1.5.20, update to version 1.5.20 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Coppermine Photo Gallery versions 1.5.10 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the `h` and `t` parameters to "help.php", or the `picfile XXX` parameter to "searchnew.php". **Recommendations** For Coppermine Photo Gallery versions 1.5.10 and earlier, as a temporary workaround, consider restricting access to the vulnerable parameters `h` and `t` in the "help.php" endpoint and the `picfile XXX` parameter in the "searchnew.php" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Vivvo CMS version 4.1.5.1 **Description** The issue allows remote attackers to conduct directory traversal attacks and read arbitrary files. This is achieved by manipulating the `file` parameter with "logs/" in between two . (dot) characters, which is filtered into a "../" sequence, enabling access to files outside the intended directory. **Recommendations** For Vivvo CMS version 4.1.5.1, as a temporary workaround, consider restricting access to the `files.php` script until a patch is available. Additionally, avoid using the `file` parameter with sequences that could be filtered into "../" to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Coppermine Photo Gallery version 1.4.14 **Description** The issue allows remote attackers to obtain sensitive information via a direct request to "include/slideshow.inc.php", which leaks the installation path in an error message. **Recommendations** For version 1.4.14, consider restricting access to the "include/slideshow.inc.php" file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Coppermine Photo Gallery version 1.4.14 **Description** The issue allows remote attackers to obtain sensitive information, such as the database table prefix, by making a direct request to the "update.php" endpoint. This could potentially be used to aid in attacks. **Recommendations** For version 1.4.14, restrict access to the "update.php" endpoint to prevent unauthorized access and information disclosure.

**Name of the Vulnerable Software and Affected Versions** TorrentTrader Classic version 1.09 **Description** The issue allows remote attackers to obtain a password via a brute-force attack because the `account-recover.php` file chooses random passwords from an insufficiently large set. **Recommendations** For TorrentTrader Classic version 1.09, consider modifying the `account-recover.php` file to generate random passwords from a larger set to prevent brute-force attacks. As a temporary workaround, restrict access to the `account-recover.php` file until a more secure password generation mechanism is implemented.

**Name of the Vulnerable Software and Affected Versions** TorrentTrader Classic version 1.09 **Description** The issue concerns the backup-database.php file, which does not require administrative authentication. This allows remote attackers to create and download a backup database by making a direct request and then retrieving a .gz file from the backups/ directory. **Recommendations** For TorrentTrader Classic version 1.09, consider restricting access to the backup-database.php file to require administrative authentication, or temporarily disable the file until a proper fix is available. Additionally, restrict access to the backups/ directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TorrentTrader Classic version 1.09 **Description** A directory traversal issue exists in the backend/admin-functions.php file, allowing remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `ss uri` parameter, in conjunction with a modified component name, on case-insensitive web sites. **Recommendations** For TorrentTrader Classic version 1.09, consider restricting access to the `ss uri` parameter in the backend/admin-functions.php file to prevent directory traversal attacks. As a temporary workaround, avoid using the `ss uri` parameter with modified component names until a patch is available.