Hack2Prison

**Name of the Vulnerable Software and Affected Versions** phpCoupon (affected versions not specified) **Description** The issue concerns the Billing Control Panel in phpCoupon, where remote authenticated users can potentially obtain Premium Member status and acquire free coupons by modifying a URL. This is achieved by including specific substrings such as `billing parameter`, `REQ=auth`, `status=success`, and `custom=upgrade` in the URL, which may be related to PayPal transactions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ASP Folder Gallery (affected versions not specified) Description: The issue allows remote attackers to read arbitrary files. This is achieved by providing a filename in the `file` parameter to the "download script.asp" in the ASP Folder Gallery. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Iono (affected versions not specified) **Description** The issue allows remote attackers to obtain the full server path via certain requests to specific files, including (1) templates/iono/admin/denied.tpl.php, (2) templates/iono/admin/index.tpl.php, and other unspecified files in the templates/ directory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hot Links (affected versions not specified) **Description** The issue allows remote attackers to obtain sensitive information and download the database via a direct request with a modified `dl` parameter. This is possible due to vulnerabilities in the `dlback.php` and `dlback.cgi` scripts. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Uploadscript versions 1.2 and earlier **Description** The issue allows remote attackers to obtain the admin password hash due to insufficient access control of sensitive data stored under the web root. This can be achieved via a direct request for "/password.txt" API endpoint. **Recommendations** For Uploadscript versions 1.2 and earlier, consider restricting access to the "/password.txt" file to prevent unauthorized access until a fix is available. Additionally, review and strengthen access controls for sensitive data stored under the web root.

**Name of the Vulnerable Software and Affected Versions** Web Directory Pro (affected versions not specified) **Description** The issue allows remote attackers to perform certain actions without proper authorization. This includes the ability to backup the database by making a direct request to "admin/backup db.php" and modify configuration settings via a direct request to "admin/options.php". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bluview Blue Magic Board (BMB) (aka BMForum) version 5.5 **Description** The issue allows remote attackers to obtain sensitive information via a direct request to various files, including "footer.php", "header.php", "db mysql error.php", "langlist.php", "sendmail.php", or "style.php". These files reveal the path in various error messages. **Recommendations** For Bluview Blue Magic Board (BMB) (aka BMForum) version 5.5, consider restricting direct access to the sensitive files "footer.php", "header.php", "db mysql error.php", "langlist.php", "sendmail.php", and "style.php" to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ScriptsCenter ezUpload Pro version 2.2.0 **Description** The issue allows remote attackers to perform administrative activities without authentication. This can be achieved through various PHP files, including `filter.php`, which allows changing the Extensions Mode file type, `access.php` for changing the Protection Method, `edituser.php` for adding upload capabilities to user accounts, `settings.php` for changing the admin information, and `index.php` for uploading arbitrary files. **Recommendations** For ScriptsCenter ezUpload Pro version 2.2.0, consider temporarily restricting access to the mentioned PHP files (`filter.php`, `access.php`, `edituser.php`, `settings.php`, and `index.php`) until a patch is available. As a workaround, restrict the functionality provided by these files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.