Bludit · Bludit · CVE-2019-12742
**Name of the Vulnerable Software and Affected Versions**
Bludit versions prior to 3.9.1
**Description**
The issue allows a non-privileged user to change the password of any account, including admin, due to an Insecure Direct Object Reference in the `bl-kernel/admin/controllers/user-password.php` file. The controller trusts the `username` POST parameter, so a request with a modified `username` value changes the password of the account named in the parameter rather than that of the authenticated user.
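The check the fix needs, as an added illustration that is not Bludit's own code: the target account is derived from the authenticated session, and a `username` value supplied in the POST body is honoured only for an administrator. The function names and the session user/role arguments are assumptions.

```php
<?php
// Added illustration of CVE-2019-12742, not Bludit's code. Models why a
// password-change controller must not trust a user-supplied `username`.
declare(strict_types=1);

// Vulnerable shape: whichever account the POST body names has its password changed.
function vulnerableTarget(array $post): string
{
    return (string) ($post['username'] ?? '');
}

// Hardened shape: start from the session user; allow the POST value to select a
// different account only when the caller is an administrator.
// $sessionUser and $sessionRole stand in for the login session (assumed names).
function hardenedTarget(array $post, string $sessionUser, string $sessionRole): string
{
    $requested = (string) ($post['username'] ?? $sessionUser);
    if ($sessionRole === 'admin') {
        return $requested;                // admins may reset other accounts
    }
    if ($requested !== $sessionUser) {
        // A non-admin naming another account is the IDOR attempt: deny and log it.
        error_log("password change denied: {$sessionUser} targeted {$requested}");
        throw new RuntimeException('Forbidden: you may only change your own password');
    }
    return $sessionUser;
}

// Constructed sample request: an ordinary user submitting the admin's username.
$post = ['username' => 'admin', 'new-password' => 'constructed-value'];

echo 'vulnerable target: ' . vulnerableTarget($post) . PHP_EOL;
try {
    echo 'hardened target: ' . hardenedTarget($post, 'alice', 'author') . PHP_EOL;
} catch (RuntimeException $e) {
    echo 'hardened: ' . $e->getMessage() . PHP_EOL;
}
// Same user changing their own password passes the check.
echo 'hardened (self): ' . hardenedTarget(['username' => 'alice'], 'alice', 'author') . PHP_EOL;
```

Run with `php example.php`; the vulnerable function returns `admin` for the non-privileged user's request, while the hardened one rejects it and returns `alice` only for the self-change.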
**Recommendations**
For versions prior to 3.9.1, update to version 3.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `user-password.php` file to minimize the risk of exploitation. Until the fix is applied, avoid relying on the `username` parameter in the affected POST request.