Happymall · Happymall · CVE-2003-0277
Name of the Vulnerable Software and Affected Versions:
Happymall versions 4.3 through 4.4
Description:
Happymall contains a directory traversal vulnerability that allows remote attackers to read arbitrary files by supplying .. (dot dot) sequences in the `file` parameter.
Recommendations:
For versions 4.3 and 4.4, restrict access to the `normal_html.cgi` script until a fix is available. As a temporary workaround, consider validating and sanitizing the `file` parameter to prevent directory traversal attacks.
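
One way to implement the `file` parameter validation recommended above, shown as an added Python example and not Happymall's own code. The function name `resolve_in_base`, the `templates` directory and the sample files are assumptions constructed for the demonstration.

```python
import os
import tempfile


class UnsafePath(ValueError):
    """Raised when a requested file would resolve outside the allowed directory."""


def resolve_in_base(base_dir, file_param):
    """Return the real path of file_param inside base_dir, or raise UnsafePath."""
    if not file_param or "\x00" in file_param or "\\" in file_param:
        raise UnsafePath("empty value, NUL byte or backslash")
    if os.path.isabs(file_param):
        raise UnsafePath("absolute path")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks, so the check below sees
    # the location that would really be opened, not the string as typed.
    candidate = os.path.realpath(os.path.join(base, file_param))
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafePath("escapes base directory")
    if not os.path.isfile(candidate):
        raise UnsafePath("not a regular file")
    return candidate


def demo():
    """Run constructed sample values against a throwaway directory tree."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "templates")  # hypothetical content directory
        os.mkdir(base)
        outside = os.path.join(root, "secret.txt")  # file that must stay unreadable
        for path in (os.path.join(base, "index.html"), outside):
            with open(path, "w") as fh:
                fh.write("sample")
        os.symlink(outside, os.path.join(base, "link.html"))
        results = {}
        for value in ("index.html", "../secret.txt", "sub/../../secret.txt",
                      "/etc/passwd", "link.html", "missing.html"):
            try:
                resolve_in_base(base, value)
                results[value] = "allowed"
            except UnsafePath as exc:
                results[value] = "rejected: " + str(exc)
        return results


if __name__ == "__main__":
    for value, verdict in demo().items():
        print(f"{value!r:28} {verdict}")
```

The containment check runs on the resolved path, so a symlink inside the allowed directory that points elsewhere is rejected along with the dot-dot values.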