Daniel Le Gall

**Name of the Vulnerable Software and Affected Versions** Combodo iTop versions prior to 2.7.8 Combodo iTop versions prior to 3.0.2-1 **Description** Combodo iTop is an open source, web-based IT service management platform. The reset password token is generated without any randomness parameter, which may lead to account takeover. **Recommendations** For versions prior to 2.7.8, update to version 2.7.8 or later to resolve the issue. For versions prior to 3.0.2-1, update to version 3.0.2-1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Combodo iTop versions prior to 2.7.8 Combodo iTop versions prior to 3.0.2-1 **Description** The issue allows a user who can log in to take over any account by knowing the account's username. **Recommendations** For versions prior to 2.7.8, update to version 2.7.8 or later. For versions prior to 3.0.2-1, update to version 3.0.2-1 or later.

**Name of the Vulnerable Software and Affected Versions** PharStreamWrapper package versions 2.x before 2.1.1 PharStreamWrapper package versions 3.x before 3.1.1 **Description** The issue is related to the PharStreamWrapper package, which does not prevent directory traversal. This allows attackers to bypass a deserialization protection mechanism. The vulnerability can be exploited by using a URL such as "phar:///path/bad.phar/../good.phar" to bypass protection. The vulnerability is associated with incorrect limitation of the path name to a directory with limited access, which can allow an attacker to disclose protected information. **Recommendations** For PharStreamWrapper package versions 2.x before 2.1.1, update to version 2.1.1 or later. For PharStreamWrapper package versions 3.x before 3.1.1, update to version 3.1.1 or later. As a temporary workaround, consider restricting access to the `phar:///` protocol handler until a patch is available. Avoid using URLs that contain the `../` sequence in the path, as they can be used to exploit the vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cloud Foundry UAA versions prior to 70.0 **Description** The issue allows a remote authenticated user to impersonate a different user by changing their email address to that of a different user. This is possible because a user can update their own email address. **Recommendations** For versions prior to 70.0, restrict access to email address updates to prevent impersonation until a fix is available. As a temporary workaround, consider implementing additional validation checks on email address changes to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** phpMyAdmin versions prior to 4.8.4 **Description** The issue allows an attacker to leak the contents of a local file due to an error in the transformation feature. To exploit this, the attacker must have access to the phpMyAdmin Configuration Storage tables, which can be created in any database the attacker has access to. The attacker must also have valid credentials to log in to phpMyAdmin, as this issue does not bypass the login system. **Recommendations** For versions prior to 4.8.4, update to version 4.8.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the phpMyAdmin Configuration Storage tables to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Simple Machines Forum (SMF) versions prior to 2.0.15 Description: The issue is related to the MessageSearch2 function in PersonalMessage.php, which does not properly utilize the `possible users` variable in a query. This might allow attackers to bypass intended access restrictions. Recommendations: For versions prior to 2.0.15, update to version 2.0.15 or later to resolve the issue.

[Content removed]

**Name of the Vulnerable Software and Affected Versions** CMS Made Simple versions 2.1.6 through 2.2.1 **Description** The issue concerns Smarty Template Injection in core components, leading to local file read before version 2.2 and local file inclusion since version 2.2.1. **Recommendations** For CMS Made Simple version 2.1.6, update to a version that fixes the Smarty Template Injection issue. For CMS Made Simple version 2.2, update to a version that fixes the Smarty Template Injection issue. For CMS Made Simple version 2.2.1, update to a version that fixes the Smarty Template Injection issue.

**Name of the Vulnerable Software and Affected Versions** CMS Made Simple versions 2.1.6 through 2.2 **Description** The issue allows for Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution. **Recommendations** For CMS Made Simple version 2.1.6, update to a version that is not affected by this issue. For CMS Made Simple version 2.2, update to a version that is not affected by this issue. As a temporary workaround, consider restricting access to the core modules that use Smarty templating to minimize the risk of exploitation.