Hexifeo

**Name of the Vulnerable Software and Affected Versions** osCommerce version 2.3.4.1 **Description** The issue arises from an incomplete '.htaccess' file for blacklist filtering on the product page, which fails to prevent the execution of files with the '.pht' extension. This allows remote authenticated administrators to upload '.pht' files, leading to arbitrary PHP code execution. The exploitation occurs via the "/catalog/admin/categories.php?cPath=&action=new product" API endpoint, specifically by manipulating the `cPath` and `action` variables. **Recommendations** For osCommerce version 2.3.4.1, update the '.htaccess' file to include the '.pht' extension in the blacklist filter to prevent arbitrary PHP code execution. As a temporary workaround, consider restricting access to the "/catalog/admin/categories.php" API endpoint for authenticated administrators until a patch is available.

**Name of the Vulnerable Software and Affected Versions** osCommerce version 2.3.4.1 **Description** The issue is related to an incomplete '.htaccess' file for blacklist filtering in the product page, allowing remote authenticated administrators to upload new '.htaccess' files. This can lead to arbitrary PHP code execution via the "/catalog/admin/categories.php?cPath=&action=new product" API endpoint, specifically by manipulating the `cPath` and `action` variables. **Recommendations** For osCommerce version 2.3.4.1, restrict access to the "/catalog/admin/categories.php" API endpoint to prevent arbitrary PHP code execution. As a temporary workaround, consider disabling the product upload feature for administrators until a proper fix is applied. Ensure that all '.htaccess' files are properly configured to prevent malicious uploads.

**Name of the Vulnerable Software and Affected Versions** Subrion CMS version 4.2.1 **Description** The issue allows remote attackers to execute arbitrary PHP code via a .pht or .phar file. This is because the .htaccess file omits these file types, specifically affecting the `/panel/uploads` endpoint. **Recommendations** For Subrion CMS version 4.2.1, consider updating the .htaccess file to include .pht and .phar files to prevent arbitrary PHP code execution. As a temporary workaround, restrict access to the `/panel/uploads` endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GetSimpleCMS version 3.3.15 **Description** The issue allows HTML execution through alternative file uploads. This can occur with files having no extension or unrecognized extensions, such as 'test' or 'test.asdf', due to vulnerabilities in admin/upload-uploadify.php and the validate safe file function in admin/inc/security functions.php. **Recommendations** For GetSimpleCMS version 3.3.15, consider restricting or validating file uploads more strictly to prevent HTML execution, and review the validate safe file function in admin/inc/security functions.php to ensure it correctly handles files with no or unrecognized extensions.

**Name of the Vulnerable Software and Affected Versions** GetSimpleCMS version 3.3.15 **Description** The issue concerns the upload functionality in GetSimpleCMS, where the `admin/upload.php` blocks uploads of `.html` files, but Internet Explorer can still render HTML elements in a `.eml` file. This is due to the `admin/upload-uploadify.php` and the `validate safe file` function in `admin/inc/security functions.php`. **Recommendations** For GetSimpleCMS version 3.3.15, consider restricting the upload of `.eml` files or disabling the `upload-uploadify.php` functionality until a proper fix is available. Additionally, review and modify the `validate safe file` function in `admin/inc/security functions.php` to properly handle file type validation and prevent potential HTML rendering in unauthorized file types.

**Name of the Vulnerable Software and Affected Versions** Codiad version 2.8.4 **Description** The issue allows remote authenticated administrators to execute arbitrary code by uploading an executable file. **Recommendations** For version 2.8.4, update to a newer version that contains a fix for this issue, or as a temporary workaround, consider restricting file upload capabilities to prevent the execution of arbitrary code.

**Name of the Vulnerable Software and Affected Versions** ClipperCMS version 1.3.3 **Description** The issue allows remote authenticated administrators to upload .htaccess files, which could potentially lead to security problems. **Recommendations** For ClipperCMS version 1.3.3, restrict access to the file upload feature for administrators until a patch is available, and consider disabling the ability to upload .htaccess files as a temporary workaround.

**Name of the Vulnerable Software and Affected Versions** osCommerce version 2.3.4.1 **Description** The issue is related to an incomplete '.htaccess' file for blacklist filtering in the product page, allowing alternative cases for HTML execution. This includes files with no extension or unrecognized extensions, such as 'test' or 'test.asdf'. **Recommendations** For osCommerce version 2.3.4.1, consider updating the '.htaccess' file in the catalog/images/ directory to include additional rules that handle files with no extension or unrecognized extensions, preventing HTML execution. As a temporary workaround, restrict access to the catalog/images/ directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** osCommerce version 2.3.4.1 **Description** The issue concerns an incomplete '.htaccess' file for blacklist filtering in the product page of osCommerce. Specifically, the .htaccess file in the catalog/images/ directory bans the html extension, but Internet Explorer can render HTML elements in a .eml file. **Recommendations** For osCommerce version 2.3.4.1, consider updating the .htaccess file in the catalog/images/ directory to properly handle .eml files and prevent the rendering of HTML elements within them. As a temporary workaround, restrict access to the catalog/images/ directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** osCommerce version 2.3.4.1 **Description** The issue is related to an incomplete '.htaccess' file for blacklist filtering in the product page. Specifically, the .htaccess file in catalog/images/ bans the html extension, but there are several extensions, such as the svg extension, in which contained HTML can be executed. **Recommendations** For osCommerce version 2.3.4.1, consider updating the .htaccess file in catalog/images/ to include additional extensions that can execute HTML, such as the svg extension, to prevent potential exploitation. As a temporary workaround, restrict access to the catalog/images/ directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Monstra CMS version 3.0.4 **Description** The issue concerns stored XSS that can be triggered by remote authenticated administrators. This occurs when a file without an extension is uploaded, and in certain cases, this file is interpreted as text/html, allowing JavaScript content to be executed. The estimated number of potentially affected devices worldwide is not specified. Details about real-world incidents where this issue was exploited are not provided. The API endpoint "/admin/index.php?id=filesmanager" is involved, and the `id` variable is used to access the files manager. The lack of a file extension allows the file to be interpreted as text/html. **Recommendations** For Monstra CMS version 3.0.4, consider restricting access to the "/admin/index.php?id=filesmanager" endpoint until a fix is available, and ensure that all uploaded files have appropriate extensions to prevent them from being interpreted as text/html.

**Name of the Vulnerable Software and Affected Versions** Monstra CMS versions prior to 3.0.5 **Description** The issue is related to an incomplete list of forbidden file types, allowing remote authenticated Admins or Editors to execute arbitrary PHP code by uploading files with certain extensions, such as .pht or .phar. **Recommendations** For Monstra CMS versions prior to 3.0.5, update to version 3.0.5 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to only necessary extensions and disabling the ability for Admins or Editors to upload files with .pht or .phar extensions.