Ka7Arotto

**Name of the Vulnerable Software and Affected Versions** Langroid versions prior to 0.63.0 **Description** SQLChatAgent executes SQL produced by a Large Language Model (LLM), which can be influenced by prompt injection. When configured with a database role possessing privileges for code execution or filesystem access (such as PostgreSQL `pg execute server program`, MySQL `FILE`, or MSSQL `xp cmdshell`), an attacker can shape the agent's input—including indirectly via data returned to the LLM—to force the execution of dialect-specific primitives like `COPY ... FROM PROGRAM`. This can lead to remote code execution (RCE) on the database host. **Recommendations** Update to version 0.63.0. Ensure the `allow dangerous operations` variable is set to `False` to maintain the SELECT-only statement allowlist and dangerous-pattern blocklist.

**Name of the Vulnerable Software and Affected Versions** SQLBot versions prior to 1.7.1 **Description** The Text2SQL chat interface is susceptible to prompt injection. The `question` parameter is concatenated into the Large Language Model (LLM) prompt without filtering or escaping, and the resulting SQL is executed against the database without validation or sanitization. An authenticated attacker can manipulate the LLM to generate and execute arbitrary SQL statements. If connected to a PostgreSQL data source, this can lead to remote code execution via the COPY FROM PROGRAM command. **Recommendations** Update to version 1.7.1.

**Name of the Vulnerable Software and Affected Versions** FoxCMS version 1.2.5 **Description** The issue is related to an arbitrary file upload vulnerability in the component controllerLocalTemplate.php. This vulnerability allows attackers to execute arbitrary code by uploading a crafted Zip file. **Recommendations** For FoxCMS version 1.2.5, update to a version that fixes this issue to prevent arbitrary code execution.

**Name of the Vulnerable Software and Affected Versions** SeaCMS version 13.3 **Description** A remote code execution issue was found in SeaCMS, allowing attackers to execute code remotely via the `isopen` parameter at the "admin weixin.php" endpoint. **Recommendations** For SeaCMS version 13.3, consider restricting access to the "admin weixin.php" endpoint until a patch is available, and avoid using the `isopen` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SeaCMS version 13.3 **Description** A remote code execution issue was discovered in the admin notify.php component, allowing for potential code execution. **Recommendations** For SeaCMS version 13.3, update to a newer version that contains a fix for this issue, or as a temporary workaround, consider restricting access to the admin notify.php component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SeaCMS version 13.3 **Description** A remote code execution issue was discovered in the admin ping.php component, allowing for potential code execution. **Recommendations** For SeaCMS version 13.3, consider disabling access to the admin ping.php component until a patch is available. Restrict access to this component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SeaCMS version 13.3 **Description** A remote code execution issue was discovered in the admin template.php component, allowing for potential code execution. **Recommendations** For SeaCMS version 13.3, update to a newer version that contains a fix for this issue, or as a temporary workaround, consider restricting access to the admin template.php component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SeaCMS version 13.3 **Description** A remote code execution issue was discovered in the admin smtp.php component, allowing for potential code execution. **Recommendations** For SeaCMS version 13.3, update to a version that includes a fix for this issue, as using the vulnerable admin smtp.php component may pose a risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Emlog Pro version 2.5.3 **Description** The issue is related to an arbitrary file upload vulnerability in the admin/plugin.php component. This vulnerability allows attackers to execute arbitrary code by uploading a crafted Zip file. **Recommendations** For Emlog Pro version 2.5.3, consider disabling the file upload functionality in the admin/plugin.php component until a patch is available to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** SeaCMS version 13.3 **Description** A remote code execution issue was discovered in the admin ip.php component, allowing for potential code execution. **Recommendations** For SeaCMS version 13.3, update to a newer version that contains a fix for this issue, or as a temporary workaround, consider restricting access to the admin ip.php component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SeaCMS version 13.3 **Description** A remote code execution issue was discovered in the admin files.php component, allowing for potential code execution. **Recommendations** For SeaCMS version 13.3, update to a newer version that contains a fix for this issue, as using the vulnerable admin files.php component may pose a risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Emlog Pro version 2.5.4 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `postStrVar` function at the "article save.php" endpoint. **Recommendations** For Emlog Pro version 2.5.4, update to a version that fixes this issue, as the current version allows for the execution of arbitrary web scripts or HTML, posing a significant security risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Emlog Pro version 2.5.4 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `Titile` in the article category section. **Recommendations** For Emlog Pro version 2.5.4, update to a version that fixes this issue to prevent arbitrary web script or HTML execution.

**Name of the Vulnerable Software and Affected Versions** Emlog Pro version 2.5.4 **Description** A Server-Side Request Forgery (SSRF) issue in the `sort.php` component allows attackers to scan local and internal ports by supplying a crafted URL. **Recommendations** For Emlog Pro version 2.5.4, update to a newer version that contains a fix for this issue, as using a crafted URL can lead to scanning of local and internal ports. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SeaCMS version 13.3 **Description** The issue is related to an arbitrary file read vulnerability in the `file get contents` function at `admin safe file.php`. **Recommendations** For SeaCMS version 13.3, consider restricting access to the `admin safe file.php` file until a patch is available. As a temporary workaround, avoid using the `file get contents` function in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FoxCMS version 1.2.5 **Description** A remote code execution issue was found in FoxCMS via the index() method at controllerSitemap.php. **Recommendations** For FoxCMS version 1.2.5, consider disabling the index() method in controllerSitemap.php as a temporary workaround until a patch is available.