Andrey Stoykov

**Name of the Vulnerable Software and Affected Versions** ATutor version 2.2.4 **Description** ATutor 2.2.4 has a SQL injection issue in the admin user deletion page. Authenticated attackers can manipulate database queries through the `id` parameter. Exploitation involves injecting malicious SQL code into the `id` parameter of the 'admin delete.php' script, potentially allowing attackers to extract or modify database information. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the 'admin delete.php' script to minimize the risk of exploitation. Avoid using the `id` parameter in the affected script until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Cyberoam Authentication Client version 2.1.2.7 **Description** The Cyberoam Authentication Client software contains a buffer overflow issue that enables remote attackers to run code without permission by overwriting Structured Exception Handler (SEH) memory. An attacker can create a malicious input within the `Cyberoam Server Address` field to initiate a bind TCP shell on port 1337, granting system-level access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 4images version 1.9 **Description** The software contains a remote command execution issue. Authenticated administrators can inject reverse shell code through template editing functionality. Attackers can save malicious code in a template and execute arbitrary commands by accessing the ''/categories.php'' endpoint with a crafted `cat id` parameter. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the template editing functionality for administrators.

**Name of the Vulnerable Software and Affected Versions** myBB Forums version 1.8.26 **Description** myBB Forums version 1.8.26 has a stored cross-site scripting issue in the template management system. Authenticated administrators can inject malicious scripts when creating new templates. An attacker can exploit this by inserting script payloads in the template title field when adding new templates through the 'Templates and Style' > 'Templates' > 'Manage Templates' > 'Global Templates' interface. This can lead to arbitrary JavaScript execution when the template is viewed. **Recommendations** Apply a fix that sanitizes the template title field when adding new templates through the 'Templates and Style' > 'Templates' > 'Manage Templates' > 'Global Templates' interface.

**Name of the Vulnerable Software and Affected Versions** myBB Forums version 1.8.26 **Description** myBB Forums version 1.8.26 contains a stored cross-site scripting issue in the forum management system. Authenticated administrators can inject malicious scripts when creating new forums. Attackers can exploit this by inserting script payloads in the forum title field through the 'Forums and Posts' > 'Forum Management' interface. This can lead to arbitrary JavaScript execution when the forum listing is viewed. The vulnerable parameter is the forum title field. **Recommendations** Apply a fix to sanitize the forum title field when creating new forums through the 'Forums and Posts' > 'Forum Management' interface.

**Name of the Vulnerable Software and Affected Versions** myBB Forums version 1.8.26 **Description** myBB Forums version 1.8.26 has a stored cross-site scripting issue in the forum announcement system. Authenticated administrators can inject malicious scripts when creating announcements. Attackers can exploit this by inserting script payloads in the announcement title field through the 'Forums and Posts' > 'Forum Announcements' interface. This causes arbitrary JavaScript to execute when the announcement is displayed on the forum. The vulnerable parameter is the announcement title. **Recommendations** Administrators should avoid inserting script payloads in the announcement title field when adding announcements.

Name of the Vulnerable Software and Affected Versions: spa-cartcms version 1.9.0.6 Description: A problematic issue has been found in the Checkout Page component, affecting the processing of the file /checkout. The manipulation of the `quantity` argument with the input `-10` leads to enforcement of behavioral workflow. The attack can be initiated remotely. Recommendations: For spa-cartcms version 1.9.0.6, as a temporary workaround, consider restricting the input of the `quantity` argument in the /checkout file to prevent exploitation until a patch is available.

Name of the Vulnerable Software and Affected Versions: spa-cartcms version 1.9.0.6 Description: A problematic issue was found in the Username Handler component, specifically in the /login file, where manipulating the `email` argument leads to observable behavioral discrepancy. This issue can be exploited remotely, with a rather high complexity of attack and difficult exploitability. The exploit has been disclosed to the public. Recommendations: For version 1.9.0.6, consider restricting access to the `/login` endpoint or the `email` argument to minimize the risk of exploitation until a fix is available. As a temporary workaround, consider disabling the unknown function of the Username Handler component that handles the `email` argument.

Name of the Vulnerable Software and Affected Versions: Feng Office version 3.11.1.2 Description: A critical issue was found in the Workspaces component, where the manipulation of the `dim` argument leads to SQL injection. This can be exploited remotely. Recommendations: For Feng Office version 3.11.1.2, as a temporary workaround, consider restricting access to the Workspaces component until a patch is available. Avoid using the `dim` argument in affected functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GZ Scripts Availability Booking Calendar PHP version 1.0 **Description** A problematic issue was found in the Image Handler component, affecting the /index.php?controller=GzUser&action=edit&id=1 file. The manipulation of the `img` argument leads to cross-site scripting. This issue can be exploited remotely. **Recommendations** For GZ Scripts Availability Booking Calendar PHP version 1.0, consider disabling the `img` argument in the /index.php?controller=GzUser&action=edit&id=1 file as a temporary workaround until a patch is available. Restrict access to the Image Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** GZ Scripts Availability Booking Calendar PHP version 1.0 **Description** A problematic issue has been found in the HTTP POST Request Handler component of the file index.php, where the manipulation of the `promo code` argument leads to cross site scripting. This issue can be exploited remotely. The exploit has been disclosed to the public. **Recommendations** For GZ Scripts Availability Booking Calendar PHP version 1.0, as a temporary workaround, consider restricting the use of the `promo code` argument in the HTTP POST Request Handler until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.