Cút Lộn Xào Me

**Name of the Vulnerable Software and Affected Versions** ThimPress Course Builder versions prior to 3.6.6 **Description** The issue is related to Deserialization of Untrusted Data, which allows Object Injection. This can be exploited due to the deserialization of untrusted data, potentially leading to security breaches. **Recommendations** For versions prior to 3.6.6, update to version 3.6.6 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and functions that may be exploited through object injection until the update is applied.

Name of the Vulnerable Software and Affected Versions: Ninja Team GDPR CCPA Compliance Support versions 2.7.3 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions 2.7.3 and earlier, update to a version that contains a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: mojoomla WPAMS versions prior to 44.0 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For versions prior to 44.0, update to version 44.0 or later to resolve the SQL Injection issue. As a temporary workaround, consider restricting access to sensitive database queries to minimize the risk of exploitation. Avoid using user-supplied input in SQL commands until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: WPAMS versions prior to 44.0 Description: The issue affects the mojoomla WPAMS, allowing PHP Local File Inclusion due to improper control of filename for include/require statement in PHP program, also known as 'PHP Remote File Inclusion'. Recommendations: For versions prior to 44.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: roninwp Revy versions n/a through 2.1 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For versions n/a through 2.1, update to a version that includes a fix for this SQL Injection issue, as using the current version may expose the system to SQL Injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: roninwp FAT Services Booking versions n/a through 5.6 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For versions n/a through 5.6, update to a version that contains a fix for this issue, as using an affected version poses a significant risk due to the potential for SQL Injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: mojoomla Hospital Management System versions prior to 47.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to inject malicious scripts into web pages. Recommendations: For versions prior to 47.0, update to version 47.0 or later to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: mojoomla WPAMS versions n/a through 44.0 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For mojoomla WPAMS versions n/a through 44.0, update to a version that includes a fix for the SQL Injection vulnerability. As a temporary workaround, consider restricting access to sensitive database operations to minimize the risk of exploitation. Avoid using user-supplied input in SQL commands until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: mojoomla Hospital Management System versions prior to 47.0 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For mojoomla Hospital Management System versions prior to 47.0, update to version 47.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive database operations to minimize the risk of exploitation. Avoid using user-supplied input in SQL commands until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: mojoomla Hospital Management System versions prior to 47.0 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation and potential control of the server. Recommendations: For mojoomla Hospital Management System versions prior to 47.0, update to version 47.0 or later to resolve the issue. As a temporary workaround, consider restricting file upload capabilities to prevent the upload of dangerous file types until a patch is applied. Restrict access to the file upload module to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: WPAMS versions prior to 44.0 Description: The issue affects WPAMS, allowing for Reflected XSS due to improper neutralization of input during web page generation. This can lead to cross-site scripting. Recommendations: For versions prior to 44.0, update to a version that includes the fix for this issue to prevent reflected XSS attacks. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: WPAMS versions prior to 44.0 Description: The issue is related to an Incorrect Privilege Assignment vulnerability, which allows for Privilege Escalation. This vulnerability is associated with improper authentication in the WPAMS plugin on WordPress. Recommendations: For versions prior to 44.0, update to a version that includes the fix for this issue to prevent privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.