Cracker

Name of the Vulnerable Software and Affected Versions HikaShop version 4.7.4 Description HikaShop version 4.7.4 contains a reflected cross-site scripting issue that allows unauthenticated attackers to inject malicious scripts. Attackers can manipulate GET parameters in the product filter endpoint to achieve this. Specifically, the `from option`, `from ctrl`, `from task`, and `from itemid` parameters are vulnerable. Successful exploitation could allow attackers to steal session tokens or login credentials. Recommendations Update HikaShop to a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Joomla Solidres version 2.13.3 Description Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts. Attackers can manipulate multiple GET parameters, including `show`, `reviews`, `type id`, `distance`, `facilities`, `categories`, `prices`, `location`, and `Itemid`, to craft malicious URLs containing JavaScript payloads. When victims visit these crafted links, attackers can potentially steal session tokens, login credentials, or manipulate site content. Recommendations Update Joomla Solidres to a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Joomla VirtueMart Shopping-Cart version 4.0.12 Description A reflected cross-site scripting issue exists that allows attackers to inject malicious scripts by manipulating the `keyword` parameter. Attackers can craft malicious URLs containing script payloads in the `keyword` parameter of the product-variants endpoint to execute arbitrary JavaScript in victim browsers and potentially steal session tokens or credentials. Recommendations Update to a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Joomla JLex Review version 6.0.1 Description A reflected cross-site scripting issue exists that allows attackers to inject malicious scripts by manipulating the `review id` URL parameter. Attackers can craft malicious links containing JavaScript payloads that execute in victims' browsers when clicked, potentially enabling session hijacking or credential theft. Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the `review id` parameter to prevent the injection of malicious scripts.

Name of the Vulnerable Software and Affected Versions WordPress adivaha Travel Plugin version 2.3 Description The adivaha Travel Plugin for WordPress version 2.3 contains a time-based blind SQL injection vulnerability. Unauthenticated attackers can manipulate database queries by injecting SQL code through the `pid` GET parameter. Attackers can send requests to the `/mobile-app/v3/` endpoint with crafted `pid` values using XOR-based payloads to extract sensitive database information or cause denial of service. Recommendations Update WordPress adivaha Travel Plugin to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `/mobile-app/v3/` endpoint.

Name of the Vulnerable Software and Affected Versions WordPress adivaha Travel Plugin version 2.3 Description The WordPress adivaha Travel Plugin version 2.3 contains a reflected cross-site scripting issue that allows unauthenticated attackers to inject malicious scripts. Attackers can manipulate the `isMobile` parameter in the `/mobile-app/v3/` endpoint to execute arbitrary code in victims' browsers and potentially steal session tokens or credentials. Recommendations Update WordPress adivaha Travel Plugin to a newer version that contains a fix for this vulnerability. As a temporary workaround, avoid using the `/mobile-app/v3/` endpoint with untrusted input for the `isMobile` parameter.

Name of the Vulnerable Software and Affected Versions iProperty Real Estate versions 4.1.1 Description The software contains a reflected cross-site scripting issue. Attackers can inject malicious scripts by manipulating the `filter keyword` parameter. Specifically, attackers can craft URLs containing JavaScript payloads in the `filter keyword` GET parameter of the `/all-properties-with-map` API endpoint to execute arbitrary code in victim browsers and potentially steal session tokens or credentials. Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the `filter keyword` parameter before using it in the `/all-properties-with-map` endpoint.

**Name of the Vulnerable Software and Affected Versions** JLex GuestBook version 1.6.4 **Description** The software contains a reflected cross-site scripting issue in the `q` URL parameter. This allows attackers to inject malicious scripts. Attackers can create malicious links with XSS payloads to potentially steal session tokens or execute arbitrary JavaScript in a victim’s browser. **Recommendations** Update JLex GuestBook to a newer version that addresses this issue. As a temporary workaround, sanitize the `q` URL parameter to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** Academy LMS version 6.1 **Description** Academy LMS version 6.1 has a file upload issue. Authenticated users can upload malicious SVG files containing stored cross-site scripting payloads. An attacker can inject malicious scripts through the profile avatar upload feature by changing file extensions and embedding JavaScript code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MyFusion (aka MyF) version 6 Beta **Description** A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This is achieved by exploiting the `settings[locale]` parameter with a .. (dot dot) when `register globals` is enabled. **Recommendations** For MyFusion (aka MyF) version 6 Beta, consider disabling the `register globals` setting to mitigate the risk of exploitation. Additionally, restrict access to the `infusions/last seen users panel/last seen users panel.php` file until a patch is available. Avoid using the `settings[locale]` parameter with untrusted input in the affected file.

**Name of the Vulnerable Software and Affected Versions** AN Guestbook version 0.7.8 **Description** A directory traversal issue exists due to the `g lang` parameter in ang/shared/flags.php, allowing remote attackers to read arbitrary files when register globals is enabled. This is achieved by using a .. (dot dot) in the `g lang` parameter. **Recommendations** For AN Guestbook version 0.7.8, consider disabling the register globals setting to mitigate the risk of exploitation. Additionally, restrict access to the ang/shared/flags.php file to minimize the risk of arbitrary file reading. Avoid using the `g lang` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Tribiq CMS version 5.0.12c **Description** The issue allows remote attackers to include and possibly execute arbitrary files via directory traversal sequences in certain parameters. This is possible when register globals is enabled and magic quotes gpc is disabled. The vulnerable parameters include `template path` in files such as "masthead.inc.php", "toppanel.inc.php", and "contact.inc.php" in the "templates/mytribiqsite/tribiq-CL-9000/includes" directory, and the `use template family` parameter in "nlarlist content.inc.php". **Recommendations** For Tribiq CMS version 5.0.12c, consider disabling the `register globals` setting and enabling `magic quotes gpc` to mitigate the risk. Additionally, restrict access to the vulnerable files, such as "masthead.inc.php", "toppanel.inc.php", "contact.inc.php", and "nlarlist content.inc.php", to minimize the risk of exploitation. Avoid using the `template path` and `use template family` parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** phpCollegeExchange version 0.1.5c **Description** The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via the ` SESSION[handle]` parameter to various PHP files, including `home.php`, `books/allbooks.php`, or `books/home.php`, or through the `home` parameter to files such as `i head.php`, `i nav.php`, `allbooks.php`, `home.php`, or `i nav.php` in the `books/` directory. API Endpoints and variables involved include: - ` SESSION[handle]` parameter - `home` parameter to endpoints like `home.php`, `books/allbooks.php`, `books/home.php`, `i head.php`, `i nav.php`, `allbooks.php`, and `home.php` in `books/`. **Recommendations** For phpCollegeExchange version 0.1.5c, as a temporary workaround, consider validating and sanitizing the ` SESSION[handle]` and `home` parameters to prevent injection of malicious scripts. Restrict access to the affected PHP files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpCollegeExchange version 0.1.5c **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `home` parameter to several PHP files, including (1) i head.php, (2) i nav.php, (3) user new 2.php, or (4) house/myrents.php, when register globals is enabled. Additionally, similar issues exist in (5) allbooks.php, (6) home.php, or (7) mybooks.php in the books/ directory. **Recommendations** For phpCollegeExchange version 0.1.5c, consider disabling the `register globals` setting to prevent exploitation. As a temporary workaround, restrict access to the vulnerable PHP files, including i head.php, i nav.php, user new 2.php, house/myrents.php, allbooks.php, home.php, and mybooks.php, until a patch is available. Avoid using the `home` parameter in the affected PHP files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Campsite version 3.3.0 RC1 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `GLOBALS[g campsiteDir]` parameter to various PHP files, including "ad popup.php", "camp html.php", "init content.php", "logout.php", "menu.php", and "set-author.php" in the "admin-files/" directory, as well as other files in different directories. **Recommendations** For Campsite version 3.3.0 RC1, consider restricting access to the `GLOBALS[g campsiteDir]` parameter to prevent remote file inclusion attacks. Additionally, restrict access to the affected PHP files, such as "ad popup.php", "camp html.php", "init content.php", "logout.php", "menu.php", and "set-author.php" in the "admin-files/" directory, until a patch is available. Avoid using the `GLOBALS[g campsiteDir]` parameter in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Campsite version 3.3.0 RC1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `listbasedir` parameter in the admin-files/templates/list dir.php file. **Recommendations** For Campsite version 3.3.0 RC1, avoid using the `listbasedir` parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the admin-files/templates/list dir.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Campsite version 3.3.0 RC1 **Description** A directory traversal issue exists, allowing remote attackers to read and possibly execute arbitrary local files. This is achieved by using a .. (dot dot) in the `GLOBALS[g campsiteDir]` parameter. **Recommendations** For Campsite version 3.3.0 RC1, consider restricting access to the admin-files/ad.php file until a patch is available. As a temporary workaround, avoid using the `GLOBALS[g campsiteDir]` parameter with untrusted input.

Name of the Vulnerable Software and Affected Versions: HoMaP-CMS version 0.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the ` settings[pluginpath]` parameter in the `html/admin/modules/plugin admin.php` file. Recommendations: For HoMaP-CMS version 0.1, avoid using the ` settings[pluginpath]` parameter in the affected `html/admin/modules/plugin admin.php` file until the issue is resolved. Consider restricting access to this file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Geody Labs Dagger - The Cutting Edge version r12feb2008 **Description** The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved by providing a URL in the `dir inc` parameter. **Recommendations** For Geody Labs Dagger - The Cutting Edge version r12feb2008, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the skins/default.php file to minimize the risk of arbitrary PHP code execution. Avoid using the `dir inc` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Geody Labs Dagger - The Cutting Edge version r12feb2008 **Description** The issue allows remote attackers to execute arbitrary PHP code when the register globals setting is enabled. This is achieved by providing a URL in the `dir edge skins` parameter. **Recommendations** For Geody Labs Dagger - The Cutting Edge version r12feb2008, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the skins/default.php file to minimize the risk of arbitrary PHP code execution. Avoid using the `dir edge skins` parameter in the affected endpoint until the issue is resolved.