Jmrcsnchz

**Name of the Vulnerable Software and Affected Versions** facileManager versions 4.5.0 and earlier **Description** The issue is related to insufficient input validation, which leads to cross-site scripting (XSS) in almost all input fields of the facileManager web application. **Recommendations** For versions 4.5.0 and earlier, consider implementing proper input validation to prevent XSS attacks. As a temporary workaround, restrict user input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** facileManager versions 4.5.0 and earlier **Description** The issue concerns a modular suite of web apps built with the sysadmin in mind. In the affected versions, the `$ REQUEST` global array was unsafely called inside an `extract()` function in `admin-logs.php`. Although the PHP file `fm-init.php` prevents arbitrary manipulation of `$ SESSION` via the GET/POST parameters, it does not prevent manipulation of other sensitive variables such as `$search sql`. An authenticated user with privileges to view site logs can manipulate the `$search sql` variable by appending a GET parameter `search sql` in the URL. This renders the checks and SQL injection prevention attempts unusable. **Recommendations** For versions 4.5.0 and earlier, consider disabling the `extract()` function in `admin-logs.php` or restricting access to the `$search sql` variable until a patch is available. As a temporary workaround, avoid using the `search sql` parameter in the affected URL until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** facileManager versions 4.5.0 and earlier **Description** The issue allows non-admin users to arbitrarily set their permissions and grant their non-admin accounts with super user privileges when updating their profile. This is done through a POST request containing user information sent to the endpoint "server/fm-modules/facileManager/ajax/processPost.php". **Recommendations** For versions 4.5.0 and earlier, as a temporary workaround, consider restricting access to the "server/fm-modules/facileManager/ajax/processPost.php" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WWBN AVideo versions prior to 12.4 **Description** A command injection issue exists in WWBN AVideo, allowing Remote Code Execution when the CloneSite Plugin is used. This issue is related to the `plugin/CloneSite/cloneClient.json.php` endpoint. It is a bypass to a previous fix and is patched in a specific commit. **Recommendations** For WWBN AVideo versions prior to 12.4, update to a version that includes the fix for this issue, specifically the commit 1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3. As a temporary workaround, consider disabling the CloneSite Plugin until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** AVideo versions prior to 12.4 **Description** An OS Command Injection issue in the authenticated endpoint `/plugin/CloneSite/cloneClient.json.php` allows attackers to achieve Remote Code Execution. The vulnerable code executes a command that includes user-controlled input, specifically the `cloneSiteURL` variable, which can be manipulated through the admin panel's clone site feature. By hosting a specially crafted `cloneServer.json.php` file, an attacker can inject malicious commands, leading to remote code execution. This issue is exploited by sending a GET request to the vulnerable endpoint. **Recommendations** For versions prior to 12.4, update to version 12.4 to resolve the issue. As a temporary workaround, consider restricting access to the `/plugin/CloneSite/cloneClient.json.php` endpoint until the update is applied. Additionally, restrict the ability to control the `cloneSiteURL` variable through the admin panel to minimize the risk of exploitation.