Sonlogger · Sonlogger · CVE-2021-27964
Name of the Vulnerable Software and Affected Versions:
SonLogger versions prior to 6.4.1
Description:
SonLogger versions prior to 6.4.1 allow unauthenticated arbitrary file upload. An attacker can exploit this by sending a POST request to the "/Config/SaveUploadedHotspotLogoFile" endpoint without any authentication or session header. The endpoint performs no check on either the extension or the content of the uploaded file, so the attacker chooses both the name and the bytes that the server writes to disk.
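As an added illustration (this is not SonLogger's code; the advisory does not show the handler), the Python below models the defect described above next to the checks a fixed upload handler needs: authenticate and authorise first, cap the size, allow-list the extension, verify that the bytes carry the signature of the claimed image type, and never reuse the client-supplied name. The Request class, the allow-list, the temporary upload directory and the sample payloads are all constructed assumptions.

```python
"""Vulnerable vs. hardened handling of a logo upload (added example, not vendor code)."""
import os
import secrets
import tempfile
from dataclasses import dataclass
from typing import Optional, Tuple

# Allow-list for a "hotspot logo" upload: image types only (constructed policy).
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif"}
MAX_LOGO_BYTES = 512 * 1024

# File signatures for each allowed type; the content must start with one of these.
MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


@dataclass
class Request:
    """Minimal stand-in for an HTTP upload request (hypothetical, not a real framework)."""
    session_user: Optional[str]  # None when no session header/cookie was presented
    is_admin: bool
    filename: str                # client-supplied name from the multipart form
    content: bytes               # raw file bytes


class UploadRejected(Exception):
    pass


def vulnerable_save(req: Request, upload_dir: str) -> str:
    """Models the advisory's defect: no authentication, no extension or content check."""
    path = os.path.join(upload_dir, os.path.basename(req.filename))
    with open(path, "wb") as fh:
        fh.write(req.content)
    return path


def check_upload(req: Request) -> str:
    """Validate an upload and return the server-chosen filename, or raise UploadRejected."""
    # 1. Authentication and authorisation first: the advisory's root cause.
    if req.session_user is None:
        raise UploadRejected("authentication required")
    if not req.is_admin:
        raise UploadRejected("administrator role required")
    # 2. Size cap before anything is inspected or written.
    if len(req.content) > MAX_LOGO_BYTES:
        raise UploadRejected("file too large")
    # 3. Extension allow-list, taken from the basename so path components are ignored.
    ext = os.path.splitext(os.path.basename(req.filename))[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension not allowed: {ext or '(none)'}")
    # 4. Content check: the bytes must carry the signature of the claimed image type.
    if not any(req.content.startswith(sig) for sig in MAGIC[ext]):
        raise UploadRejected("content does not match declared image type")
    # 5. Never reuse the client-supplied name: random name plus the vetted extension.
    return secrets.token_hex(16) + ext


def rejection_reason(req: Request) -> Optional[str]:
    """None if the upload would be accepted, otherwise the reason it is refused."""
    try:
        check_upload(req)
        return None
    except UploadRejected as exc:
        return str(exc)


def hardened_save(req: Request, upload_dir: str) -> Tuple[str, int]:
    """Write a validated upload; returns (path, bytes written)."""
    path = os.path.join(upload_dir, check_upload(req))
    with open(path, "wb") as fh:
        return path, fh.write(req.content)


def scratch_dir() -> str:
    """Fresh temporary upload directory so the example runs without a real server."""
    return tempfile.mkdtemp(prefix="logo-upload-")


if __name__ == "__main__":
    d = scratch_dir()
    png = Request("admin", True, "logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 64)
    anon_html = Request(None, False, "logo.html", b"<script>alert(1)</script>")
    print("vulnerable wrote:", vulnerable_save(anon_html, d))  # attacker content lands on disk
    print("hardened:", rejection_reason(anon_html))            # authentication required
    print("hardened wrote:", hardened_save(png, d))
```

The order of the checks matters: the authentication test runs before any bytes are inspected, the size cap runs before the content is parsed, and the extension is taken from the basename so that directory components in the client-supplied name never reach the filesystem. A file named logo.png whose bytes begin with HTML is rejected by the signature check even though its extension is on the allow-list.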
Recommendations:
Update to SonLogger 6.4.1 or later, which resolves the issue. Until the update is applied, restrict access to the "/Config/SaveUploadedHotspotLogoFile" endpoint, for example by blocking it at a reverse proxy or firewall or limiting it to the administrative network; because the endpoint itself requires no authentication, a network-level restriction is the practical control an operator can apply without a vendor fix. Enforcing an allow-list of file extensions and validating the uploaded content against the claimed type reduces the impact of an upload, but it does not replace authentication on the endpoint. After patching or applying the workaround, review web server logs for POST requests to the endpoint from unexpected sources, since any request accepted before the fix may have left an attacker-controlled file on the server.
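A way to check whether the endpoint was hit before the patch or workaround, as an added example that is not part of the advisory: the script below scans Apache/nginx combined-format access logs for POST requests to /Config/SaveUploadedHotspotLogoFile from outside a hypothetical administrative network (10.0.5.0/24). The log lines are constructed. Standard access logs record neither cookies nor session headers, so the rule keys on source network and response status rather than on the presence of a session; requests from the admin network are skipped here but still deserve a manual look.

```python
"""Access-log triage for CVE-2021-27964 (added example; constructed log lines)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

TARGET_PATH = "/Config/SaveUploadedHotspotLogoFile"

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample: one legitimate admin request, two external attempts that were
# accepted, one attempt blocked after the workaround, unrelated traffic, and noise.
SAMPLE_LOG = """\
10.0.5.20 - - [10/Mar/2021:09:15:02 +0000] "POST /Config/SaveUploadedHotspotLogoFile HTTP/1.1" 200 57 "https://sonlogger.example/Config" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2021:14:02:11 +0000] "POST /Config/SaveUploadedHotspotLogoFile HTTP/1.1" 200 57 "-" "python-requests/2.25.1"
203.0.113.7 - - [10/Mar/2021:14:02:13 +0000] "POST /config/saveuploadedhotspotlogofile?x=1 HTTP/1.1" 200 57 "-" "python-requests/2.25.1"
198.51.100.9 - - [11/Mar/2021:02:40:51 +0000] "POST /Config/SaveUploadedHotspotLogoFile HTTP/1.1" 403 162 "-" "curl/7.68.0"
203.0.113.7 - - [10/Mar/2021:14:02:09 +0000] "GET /Config HTTP/1.1" 302 0 "-" "python-requests/2.25.1"
not a log line
"""


@dataclass
class Hit:
    ip: str
    ts: str
    status: int
    user_agent: str
    verdict: str


def parse(line: str) -> Optional[dict]:
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def normalise_path(path: str) -> str:
    # Drop the query string and compare case-insensitively: some frameworks
    # (ASP.NET MVC among them) route /config/x and /Config/X to the same action.
    return path.split("?", 1)[0].rstrip("/").lower()


def triage(lines: Iterable[str], admin_nets: List[str]) -> List[Hit]:
    """Flag POSTs to the vulnerable endpoint that did not come from an admin network."""
    nets = [ipaddress.ip_network(n) for n in admin_nets]
    hits: List[Hit] = []
    for line in lines:
        rec = parse(line)
        if rec is None or rec["method"] != "POST":
            continue
        if normalise_path(rec["path"]) != TARGET_PATH.lower():
            continue
        try:
            src = ipaddress.ip_address(rec["ip"])
        except ValueError:
            continue
        if any(src in net for net in nets):
            continue  # expected use: an administrator replacing the logo
        status = int(rec["status"])
        if status == 403:
            verdict = "blocked (access restriction in effect)"
        elif 200 <= status < 300:
            verdict = "ACCEPTED: assume a file was written, inspect the server"
        else:
            verdict = f"returned {status}"
        hits.append(Hit(rec["ip"], rec["ts"], status, rec["ua"], verdict))
    return hits


def triage_text(text: str, admin_nets: List[str]) -> List[Hit]:
    return triage(text.splitlines(), admin_nets)


if __name__ == "__main__":
    for h in triage_text(SAMPLE_LOG, ["10.0.5.0/24"]):
        print(f"{h.ts} {h.ip:>15} {h.status} {h.user_agent!r}: {h.verdict}")
```

Run against the sample, the script reports the two accepted external POSTs (including the one with altered case and a query string, which the path normalisation catches) and the one 403, which is the evidence that the access restriction recommended above is in place. Point it at real logs with `triage(open(path), [...])` and your own administrative ranges.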