D4Wner

**Name of the Vulnerable Software and Affected Versions** Simple Download Monitor plugin versions prior to 3.5.4 **Description** The issue allows for XSS via the `sdm upload thumbnail` parameter in an edit action to the "/wp-admin/post.php" endpoint. This affects the plugin's functionality related to file thumbnails. **Recommendations** For versions prior to 3.5.4, update to version 3.5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the edit action in wp-admin/post.php to minimize the risk of exploitation. Avoid using the `sdm upload thumbnail` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Simple Download Monitor plugin versions prior to 3.5.4 **Description** The issue allows for XSS via the `sdm upload` parameter in an edit action to the "wp-admin/post.php" endpoint. This affects the WordPress plugin, potentially allowing malicious actions. **Recommendations** For versions prior to 3.5.4, update to version 3.5.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Bus Booking Script (affected versions not specified) **Description** The issue concerns an XSS vulnerability. It can be exploited via the `datepicker` parameter in the "results.php" endpoint or the `spemail` parameter in the "admin/new master.php" endpoint. **Recommendations** For the Bus Booking Script, to mitigate the risk, consider validating and sanitizing user input for the `datepicker` parameter in the "results.php" endpoint and the `spemail` parameter in the "admin/new master.php" endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bus Booking Script (affected versions not specified) **Description** The issue is related to a CSRF vulnerability. It affects the admin/new master.php endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bus Booking Script (affected versions not specified) **Description** The issue concerns SQL Injection, which can be exploited via specific parameters in certain PHP files. The vulnerable parameters are `sp id` in the "admin/view seatseller.php" endpoint and `memid` in the "admin/view member.php" endpoint. **Recommendations** For the Bus Booking Script, consider restricting access to the `sp id` parameter in the "admin/view seatseller.php" endpoint and the `memid` parameter in the "admin/view member.php" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Piwigo version 2.9.2 **Description** The issue allows an attacker to perform Cross-Site Request Forgery attacks, potentially coercing an admin user into performing unintended actions. This can be achieved via the "admin.php?page=configuration&section=main" or "admin.php?page=batch manager&mode=unit" API endpoints. **Recommendations** For Piwigo version 2.9.2, as a temporary workaround, consider restricting access to the /admin.php?page=configuration&section=main and /admin.php?page=batch manager&mode=unit API endpoints until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Piwigo version 2.9.2 **Description** The issue affects the admin/configuration.php file in Piwigo, where a CSRF (Cross-Site Request Forgery) weakness is present. **Recommendations** For Piwigo version 2.9.2, consider implementing CSRF protection mechanisms, such as token-based validation, to prevent unauthorized requests.

**Name of the Vulnerable Software and Affected Versions** October CMS versions 1.0.0 through 1.0.428 **Description** The issue allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file and a .htaccess file. The vendor has expressed that they do not consider an attacker with access to manage/upload themes a significant threat model. **Recommendations** For October CMS versions 1.0.0 through 1.0.428, consider restricting access to the theme management feature to minimize the risk of exploitation. As a temporary workaround, avoid using the /backend/cms/themes endpoint to download and upload theme ZIP archives until a patch is available. Restrict access to the .htaccess file in themes to prevent arbitrary PHP code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.