Carlos Bello

Name of the Vulnerable Software and Affected Versions: Laundry version 2.3.0 Description: A Cross-Site Request Forgery (CSRF) issue allows for Account Takeover. This affects Linux and MacOS systems. Recommendations: For Laundry version 2.3.0, update to a version that includes a fix for this issue, as the current version allows for Account Takeover due to the CSRF vulnerability.

Name of the Vulnerable Software and Affected Versions: Laundry version 2.3.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Account Takeover. This affects Laundry on Linux and MacOS. Recommendations: For Laundry version 2.3.0, update to a version that fixes the Improper Neutralization of Input During Web Page Generation issue to prevent Account Takeover.

**Name of the Vulnerable Software and Affected Versions** SiYuan version 3.0.3 **Description** The issue allows executing arbitrary commands on the server due to the application being vulnerable to Server Side XSS. **Recommendations** For SiYuan version 3.0.3, update to a version that fixes the Server Side XSS issue to prevent arbitrary command execution on the server.

**Name of the Vulnerable Software and Affected Versions** Session version 1.17.5 **Description** The application is vulnerable to Local File Read via chat attachments, allowing internal application files and public files from the user's device to be obtained without the user's consent. **Recommendations** For Session version 1.17.5, consider disabling the chat attachment feature until a patch is available to prevent exploitation of the Local File Read vulnerability. Restrict access to sensitive files and directories to minimize the risk of unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Loomio version 2.22.0 **Description** The issue allows executing arbitrary commands on the server due to the application being vulnerable to OS Command Injection. **Recommendations** For Loomio version 2.22.0, update to a version that fixes the OS Command Injection issue. As a temporary workaround, consider restricting access to sensitive server functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Torrentpier version 2.4.1 **Description** The issue allows executing arbitrary commands on the server due to the application being vulnerable to insecure deserialization. **Recommendations** For Torrentpier version 2.4.1, as a temporary workaround, consider disabling any functionality that may be using insecure deserialization until a patch is available. Restrict access to sensitive server areas to minimize the risk of exploitation. Avoid using any potentially vulnerable parameters or functions in the application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** electron-pdf version 20.0.0 **Description** The issue allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user. **Recommendations** For electron-pdf version 20.0.0, consider disabling the HTML content validation bypass as a temporary workaround until a patch is available. Restrict access to sensitive local files to minimize the risk of exploitation. Avoid using the application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pyhtml2pdf version 0.0.6 **Description** The issue allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user. **Recommendations** For Pyhtml2pdf version 0.0.6, consider validating user-entered HTML content to prevent remote access to local files. As a temporary workaround, restrict the application's ability to access local files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Leanote version 2.7.0 **Description** The issue allows obtaining arbitrary local files because the application is vulnerable to Local File Reading (LFR). **Recommendations** For Leanote version 2.7.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Suite CRM version 7.14.2 **Description** The application is vulnerable to Server-Side Request Forgery (SSRF), allowing an attacker to make arbitrary HTTP requests through the vulnerable server. **Recommendations** For Suite CRM version 7.14.2, update to a version that fixes the SSRF vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Suite CRM version 7.14.2 **Description** The issue is related to a Local File Inclusion (LFI) vulnerability, which allows an attacker to include local PHP files. This can enable a remote attacker to run or open files on the web server without having the necessary access rights. The vulnerability is associated with the lack of restrictions on file uploads. **Recommendations** For Suite CRM version 7.14.2, as a temporary workaround, consider disabling the functionality that allows including local PHP files until a patch is available. Restrict access to sensitive files and directories to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dev blog version 1.0 **Description** The issue allows for an account takeover through the `user` cookie, enabling an attacker to access any user's session by knowing their username. **Recommendations** For Dev blog version 1.0, consider disabling the use of the `user` cookie until a patch is available to prevent account takeover. Restrict access to sensitive user data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dev blog version 1.0 **Description** The issue allows an attacker to exploit a cross-site scripting (XSS) vulnerability through an unrestricted file upload, combined with a bad entropy of filenames. This enables the attacker to upload a malicious HTML file, guess the filename of the uploaded file, and send it to a potential victim. **Recommendations** For Dev blog version 1.0, as a temporary workaround, consider restricting or disabling the file upload feature until a patch is available. Additionally, improving the entropy of filenames can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Book Stack version 23.10.2 **Description** The issue allows filtering local files on the server due to the application being vulnerable to Server-Side Request Forgery (SSRF). SSRF is a type of attack where an attacker can trick a server into making requests to internal or external resources that the server should not access. **Recommendations** For Book Stack version 23.10.2, as a temporary workaround, consider restricting access to sensitive local files on the server until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hospital management system version 378c157 **Description** The Hospital management system is vulnerable to SQL injection (SQLI), which allows attackers to bypass authentication. This issue is related to a SQLI vulnerability in the application. **Recommendations** For Hospital management system version 378c157, consider temporarily disabling or restricting access to the authentication mechanism until a patch is available. As a temporary workaround, restrict access to the vulnerable SQL queries to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hospital management system version 378c157 **Description** The hospital management system is vulnerable to SQL injection (SQLI), which allows attackers to bypass authentication. This issue is related to the application's susceptibility to SQLI attacks. **Recommendations** For Hospital management system version 378c157, consider temporarily restricting access to sensitive areas of the application to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using any functionality that may be vulnerable to SQLI attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MediaWiki version 1.40.0 **Description** The issue exists due to the lack of protection for the web page structure. A remote attacker with a low-privileged user account can exploit this by sending a malicious link to the instance administrator, allowing them to become an administrator if the instance administrator allows XML file uploads. This can lead to a security breach. **Recommendations** For MediaWiki version 1.40.0, restrict access to XML file uploads to prevent exploitation until a patch is available. As a temporary workaround, consider disabling XML file uploads to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PaperCutNG Mobility Print version 1.0.3512 **Description** The PaperCutNG Mobility Print application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the client's host in the "configure printer discovery" section. This is possible because the application has no protections against CSRF attacks, like Anti-CSRF tokens, header origin validation, samesite cookies, etc. **Recommendations** For PaperCutNG Mobility Print version 1.0.3512, consider implementing Anti-CSRF tokens, header origin validation, or samesite cookies to protect against CSRF attacks. As a temporary workaround, restrict access to the "configure printer discovery" section to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Faveo Helpdesk Enterprise version 6.0.1 **Description** The issue allows an attacker with agent permissions to perform privilege escalation on the application due to a stored XSS vulnerability. **Recommendations** For Faveo Helpdesk Enterprise version 6.0.1, consider restricting access to agent permissions to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the functionality that allows agents to input data that could be used for stored XSS may help mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yoga Class Registration System version 1.0 **Description** The issue allows an administrator to execute commands on the server due to incorrect validation of thumbnails of classes uploaded by administrators. **Recommendations** For Yoga Class Registration System version 1.0, consider disabling the thumbnail upload feature for administrators until a proper validation mechanism is implemented to prevent command execution on the server.