Farid007

**Name of the Vulnerable Software and Affected Versions** PyroCMS version 3.7 **Description** The issue is related to cross-site request forgery (CSRF) via the "admin/pages/delete/" URI, which can lead to the deletion of pages. **Recommendations** For PyroCMS version 3.7, consider disabling access to the "admin/pages/delete/" URI as a temporary workaround until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PyroCMS version 3.7 **Description** The issue allows for cross-site request forgery (CSRF) via the "admin/addons/uninstall/anomaly.module.blocks" URI, which can lead to the deletion of an arbitrary plugin. **Recommendations** For PyroCMS version 3.7, as a temporary workaround, consider restricting access to the "admin/addons/uninstall/anomaly.module.blocks" URI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NeDi version 1.9C **Description** The issue allows for Remote Command Execution due to improper escaping of shell metacharacters from a POST request in System-Snapshot.php. An attacker can exploit this by sending a crafted payload containing shell metacharacters via a POST request with the `psw` parameter. This can also be exploited through Cross-Site Request Forgery (CSRF). **Recommendations** For NeDi version 1.9C, as a temporary workaround, consider restricting access to the System-Snapshot.php file to minimize the risk of exploitation. Avoid using the `psw` parameter in the affected POST request until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NeDi version 1.9C **Description** The issue arises from an incorrect implementation of the `sanitize()` function in `inc/libmisc.php`, which attempts to escape the SCRIPT tag from user-controllable values but can be bypassed. This can be demonstrated using an `onerror` attribute of an `IMG` element as a `Devices-Config.php?sta=` value. **Recommendations** For NeDi version 1.9C, consider disabling the `sanitize()` function in `inc/libmisc.php` until a proper fix is implemented to prevent XSS attacks. Restrict access to `Devices-Config.php` to minimize the risk of exploitation. Avoid using user-controllable values in the `sta` parameter of `Devices-Config.php` until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** NeDi version 1.9C **Description** The issue allows for Remote Command Execution due to improper escaping of shell metacharacters from a POST request in the pwsec.php file. An attacker can exploit this by sending a crafted payload containing shell metacharacters via a POST request with the `pw` parameter. This can also be exploited through Cross-Site Request Forgery (CSRF). **Recommendations** For NeDi version 1.9C, as a temporary workaround, consider restricting access to the pwsec.php file to minimize the risk of exploitation. Avoid using the `pw` parameter in the affected POST request until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

🚨 CVE-2020-12258 rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. The application can reuse a session via PHPSESSID. Also, an attacker can exploit this vulnerability in conjunction with CVE-2020-12256 or CVE-2020-12259. 🎖@cveNotify

**Name of the Vulnerable Software and Affected Versions** rConfig version 3.9.4 **Description** The issue concerns improper validation of user input in the devicemgmnt.php file, allowing for reflected XSS attacks. An attacker can exploit this by crafting arbitrary JavaScript in the `deviceId` GET parameter to the "devicemgmnt.php" endpoint. **Recommendations** For version 3.9.4, consider disabling the `devicemgmnt.php` file or restricting access to it until a patch is available. Avoid using the `deviceId` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** rConfig version 3.9.4 **Description** The issue concerns improper validation of user input in the configDevice.php file, allowing for reflected XSS attacks. An attacker can exploit this by crafting arbitrary JavaScript in the `rid` GET parameter of the "devicemgmnt.php" endpoint. **Recommendations** For rConfig version 3.9.4, consider restricting access to the configDevice.php file and the devicemgmnt.php endpoint until a patch is available. As a temporary workaround, avoid using the `rid` parameter in the devicemgmnt.php endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** rConfig version 3.9.4 **Description** The issue is related to remote code execution due to improper validation in the file upload functionality. Specifically, `vendor.crud.php` accepts file uploads by checking the `content-type` without considering the file extension and header. This allows an attacker to exploit the vulnerability by uploading a `.php` file to `vendor.php` that contains arbitrary PHP code and changing the `content-type` to `image/gif`. **Recommendations** For rConfig version 3.9.4, consider disabling the file upload functionality in `vendor.crud.php` until a patch is available to prevent exploitation. Restrict access to `vendor.php` to minimize the risk of uploading malicious files. Avoid using the file upload feature with arbitrary `content-type` headers until the issue is resolved.