Jelle Janssens

**Name of the Vulnerable Software and Affected Versions** ChurchCRM version 5.16.0 **Description** A vulnerability has been found in ChurchCRM, affecting some unknown functionality of the component Referer Handler. This issue leads to server-side request forgery and can be launched remotely. The complexity of an attack is rather high, and the exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For ChurchCRM version 5.16.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** timschofield webERP versions up to 5.0.0.rc+13 **Description** A problematic vulnerability has been found in timschofield webERP, affecting an unknown part of the file ConfirmDispatch Invoice.php of the component Confirm Dispatch and Invoice Page. The manipulation of the `Narrative` argument leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** To fix this issue, it is recommended to apply a patch. As a temporary workaround, consider restricting access to the `ConfirmDispatch Invoice.php` file or disabling the manipulation of the `Narrative` argument until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenXE versions up to 1.12 **Description** A vulnerability was found in OpenXE, affecting unknown code of the component Ticket Bearbeiten Page. The manipulation of the `Notizen` argument leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For OpenXE versions up to 1.12, as a temporary workaround, consider restricting access to the Ticket Bearbeiten Page component until a patch is available. Avoid using the `Notizen` argument in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PiHome version 2.0 **Description** A problematic issue has been found in PiHome, affecting some unknown functionality of the file /home.php. The manipulation of the `page name` argument leads to cross-site scripting. This issue can be exploited remotely. **Recommendations** For version 2.0, consider restricting access to the /home.php file until a fix is available. As a temporary workaround, avoid using the `page name` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** pihome-shc PiHome version 1.77 **Description** A critical issue affects some unknown functionality of the file "/ajax.php?Ajax=GetModal MQTTEdit". The manipulation of the `id` argument leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For pihome-shc PiHome version 1.77, consider disabling the "/ajax.php?Ajax=GetModal MQTTEdit" endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the `id` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** pihome-shc PiHome version 1.77 **Description** A problem has been found in the /index.php file, affecting some unknown functionality. The issue is related to the manipulation of the `$ SERVER['PHP SELF']` argument, which leads to cross site scripting. This can be exploited remotely. **Recommendations** For pihome-shc PiHome version 1.77, consider disabling the `$ SERVER['PHP SELF']` argument in the /index.php file as a temporary workaround until a patch is available. Restrict access to the /index.php file to minimize the risk of exploitation. Avoid using the `$ SERVER['PHP SELF']` argument in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** pihome-shc PiHome version 2.0 **Description** A critical vulnerability has been found in pihome-shc PiHome, affecting an unknown part of the file /user accounts.php?uid of the component Role-Based Access Control. The manipulation leads to missing authorization, and it is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For pihome-shc PiHome version 2.0, as a temporary workaround, consider restricting access to the /user accounts.php?uid endpoint until a patch is available. Additionally, review the Role-Based Access Control component to ensure proper authorization mechanisms are in place. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** pihome-shc PiHome version 2.0 **Description** A critical issue has been found in pihome-shc PiHome, affecting an unknown part of the file "/ajax.php?Ajax=GetModal Sensor Graph". The manipulation leads to SQL injection, and it is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For pihome-shc PiHome version 2.0, as a temporary workaround, consider disabling the "/ajax.php?Ajax=GetModal Sensor Graph" endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.