Ihsan Sencan

eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive database information including table names and schema details.

**Name of the Vulnerable Software and Affected Versions** Liquid Studio version 2.17 **Description** The software contains a denial of service issue that allows local attackers to disrupt the application. Attackers can trigger this by providing crafted input via the keyboard interface. Specifically, entering arbitrary characters during application runtime can cause the application to become unresponsive or terminate. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Blob Studio version 2.17 **Description** The software contains a denial of service issue that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of repeated characters and trigger the application to read it, causing the application to crash or become unresponsive. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pixel Studio version 2.17 **Description** The software contains a denial of service issue that allows local attackers to crash the application. This is achieved by providing malformed input through the keyboard interface. Attackers can trigger this by entering arbitrary characters, causing the application to become unresponsive or terminate abnormally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Paint Studio version 2.17 **Description** The software contains a denial of service issue that allows local attackers to cause the application to crash. Attackers can create a text file containing a large buffer of characters and trigger the application to read it, resulting in a crash and making the application unavailable. The issue occurs through the key entry mechanism when processing malformed input. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tree Studio version 2.17 **Description** The software contains a denial of service issue that allows attackers with local access to disrupt the application. Attackers can cause the application to become unresponsive or terminate by providing crafted input through the keyboard interface. Specifically, entering arbitrary characters during application runtime can trigger this issue. **Recommendations** Update to a newer version of Tree Studio that addresses this issue.

**Name of the Vulnerable Software and Affected Versions** Luminance Studio version 2.17 **Description** A denial of service issue exists in Luminance Studio version 2.17. Local attackers can cause the application to crash by providing specially crafted input via the keyboard interface. Specifically, attackers can create a text file containing arbitrary character sequences and trigger the application to process this input, leading to unresponsiveness or abnormal termination. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** i-doit CMDB version 1.12 **Description** The software contains a flaw that allows authenticated attackers to download sensitive files. This is possible by manipulating the `file` parameter in the 'index.php' file. Attackers can send GET requests to ''index.php'' with `file manager=image` and provide arbitrary file paths, such as `src/config.inc.php`, to retrieve configuration files and sensitive system data. **Recommendations** Apply updates to address the issue in i-doit CMDB version 1.12.

**Name of the Vulnerable Software and Affected Versions** phpTransformer version 2016.9 **Description** The software contains a directory traversal issue that allows attackers without authentication to access arbitrary files. This is achieved by manipulating the `path` parameter. Attackers can send requests to the `jQueryFileUploadmaster` server endpoint using traversal sequences like `../../../../../` to list and retrieve files outside the intended directory. **Recommendations** Apply updates to address the issue in phpTransformer version 2016.9.

**Name of the Vulnerable Software and Affected Versions** Kepler Wallpaper Script version 1.1 **Description** An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the `category` parameter. Attackers can send GET requests to the 'category' endpoint using URL-encoded SQL UNION statements to extract database information, such as usernames, database names, and MySQL version details. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SimplePress CMS version 1.0.7 **Description** An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information, including usernames, database names, and version details. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SeoToaster Ecommerce version 3.0.0 **Description** Authenticated attackers can read arbitrary files by manipulating path parameters in backend theme endpoints. This is achieved by sending POST requests to endpoints '/backend/backend theme/editcss/' or '/backend/backend theme/editjs/' using directory traversal sequences in the `getcss` or `getjs` parameters to retrieve file contents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ownDMS version 4.7 **Description** An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the `IMG` parameter. This is achieved by sending GET requests to the endpoints 'pdfstream.php', 'imagestream.php', or 'anyfilestream.php' with crafted payloads in the `IMG` parameter to extract sensitive database information, such as the database names and version. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the endpoints 'pdfstream.php', 'imagestream.php', and 'anyfilestream.php' or avoid using the `IMG` parameter in these endpoints.

**Name of the Vulnerable Software and Affected Versions** i-doit CMDB version 1.12 **Description** The software contains an SQL injection issue that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can inject malicious code through the `objGroupID` parameter. By sending GET requests with crafted SQL payloads in the `objGroupID` parameter, attackers can extract sensitive database information, including usernames, database names, and version details. The vulnerable API endpoint is accessed via GET requests. **Recommendations** Apply a fix to sanitize the `objGroupID` parameter to prevent SQL injection. As a temporary workaround, restrict access to the affected API endpoint.

**Name of the Vulnerable Software and Affected Versions** Green CMS versions 2.x **Description** Green CMS contains an SQL injection issue that allows authenticated attackers to execute arbitrary SQL queries. Attackers can inject malicious code through the `cat` parameter. This is achieved by sending GET requests to the ''index.php'' file with the parameters ''m=admin'', ''c=posts'', and ''a=index'', and injecting SQL code into the `cat` parameter to manipulate database queries and extract sensitive information. **Recommendations** Versions prior to 2.x should be updated.

**Name of the Vulnerable Software and Affected Versions** phpTransformer version 2016.9 **Description** The software contains an SQL injection issue that could allow remote attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the `idnews` parameter. Attackers can send crafted GET requests to the ''GeneratePDF.php'' endpoint with SQL payloads in the `idnews` parameter to extract sensitive database information or manipulate queries. **Recommendations** Apply updates to address the issue in phpTransformer version 2016.9. As a temporary workaround, restrict access to the ''GeneratePDF.php'' endpoint. Avoid using the `idnews` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Green CMS versions 2.x **Description** The software contains a path traversal issue that allows authenticated attackers to download arbitrary files and directories. Attackers can manipulate the `theme name` parameter in the `themeexporthandle` action or provide base64-encoded file paths to the `downfile` action to retrieve sensitive files outside of intended directories. The API endpoint `/themeexporthandle` is affected, with the `theme name` parameter being vulnerable. The API endpoint `/downfile` is also affected, accepting base64-encoded file paths. **Recommendations** Versions prior to 2.x should be used.

**Name of the Vulnerable Software and Affected Versions** AVideo Platform version 8.1 **Description** The software contains a cross-site request forgery issue that allows attackers to reset user passwords. This is possible by exploiting the password recovery mechanism. Attackers can create malicious requests to the `/recoverPass` API endpoint using a user's recovery token to change account credentials without needing to authenticate. The vulnerable parameter is the user's recovery token. **Recommendations** Apply updates to address the issue in AVideo Platform version 8.1. As a temporary workaround, consider restricting access to the `/recoverPass` API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** AVideo Platform version 8.1 **Description** The software contains a cross-site request forgery condition that permits attackers to reset user passwords. This is achieved by exploiting the password recovery mechanism, where attackers can construct malicious requests to the `/recoverPass` API endpoint. Utilizing a user's recovery token, attackers can alter account credentials without proper authentication. **Recommendations** Apply updates to address the issue in AVideo Platform version 8.1.

**Name of the Vulnerable Software and Affected Versions** AVideo Platform version 8.1 **Description** An information disclosure issue exists in AVideo Platform version 8.1. This allows attackers to enumerate user details. The issue is present in the `playlistsFromUser.json.php` API endpoint. By manipulating the `users id` parameter, attackers can retrieve sensitive user information, including email addresses, password hashes, and administrative status. **Recommendations** Apply any available updates to address this vulnerability. As a temporary workaround, restrict access to the `playlistsFromUser.json.php` endpoint. Consider implementing stricter input validation for the `users id` parameter.