Alireza Amirheydari

Researcher fromRaspina Net Pars Group (RNPG Ltd.)
#8888of 53,633
30.8Total CVSS
Vulnerabilities · 4
Medium
2
High
1
Critical
1
PT-2023-27948
6.1
2023-09-27
Unknown · Phpkobo Ajaxnewticker · CVE-2023-41445
**Name of the Vulnerable Software and Affected Versions** phpkobo AjaxNewTicker version 1.0.5 **Description** A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via a crafted payload to the "index.php" component. This enables the attacker to perform unauthorized actions on the affected system. **Recommendations** For phpkobo AjaxNewTicker version 1.0.5, consider disabling the "index.php" component until a patch is available to prevent exploitation. Restrict access to this component to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this issue.
PT-2023-27952
9.8
2023-09-27
Phpkobo · Phpkobo Ajaxnewticker · CVE-2023-41449
**Name of the Vulnerable Software and Affected Versions** phpkobo AjaxNewsTicker version 1.0.5 **Description** An issue in phpkobo AjaxNewsTicker allows a remote attacker to execute arbitrary code via a crafted payload to the `reque` parameter. **Recommendations** For phpkobo AjaxNewsTicker version 1.0.5, consider disabling access to the `reque` parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-27954
8.8
2023-09-27
Phpkobo · Phpkobo Ajaxnewticker · CVE-2023-41450
**Name of the Vulnerable Software and Affected Versions** phpkobo AjaxNewsTicker version 1.0.5 **Description** An issue in phpkobo AjaxNewsTicker allows a remote attacker to execute arbitrary code via a crafted payload to the `reque` parameter. **Recommendations** For phpkobo AjaxNewsTicker version 1.0.5, consider disabling access to the `reque` parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-27957
6.1
2023-09-27
Unknown · Phpkobo Ajaxnewticker · CVE-2023-41453
**Name of the Vulnerable Software and Affected Versions** phpkobo AjaxNewTicker version 1.0.5 **Description** The issue allows a remote attacker to execute arbitrary code via a crafted payload to the `cmd` parameter in the "index.php" component. This enables the attacker to perform Cross Site Scripting attacks. **Recommendations** For phpkobo AjaxNewTicker version 1.0.5, consider restricting access to the `cmd` parameter in the index.php component to minimize the risk of exploitation. As a temporary workaround, avoid using the `cmd` parameter in the affected component until a patch is available.