Kamil Szczurowski

**Name of the Vulnerable Software and Affected Versions** Responsive FileManager version 9.14.0 **Description** An unauthenticated attacker can upload files of any type and extension without restriction via the 'dialog.php' endpoint. This unrestricted file upload can lead to Remote Code Execution, which allows an attacker to execute arbitrary code on the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** mpGabinet versions prior to 23.12.20 **Description** Privilege Escalation occurs due to excessive database privileges assigned to the application user. An attacker with access to a running application instance connected to the backend server can extract database credentials from the application's memory by inspecting the running process. These exposed credentials provide administrative access to the database, allowing actions that exceed the privileges required for normal application functionality and those permitted through the application interface. **Recommendations** Update to a version later than 23.12.19.

Some increased actor activities are shown targeting BinSoft mpGabinet (CVE-2026-40552) https://t.co/mUbccZwq7B

**Name of the Vulnerable Software and Affected Versions** mpGabinet versions prior to 23.12.20 **Description** mpGabinet performs client-side authentication, which is a process where the verification of user credentials happens on the user's device rather than the server. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary to authenticate as an arbitrary user. **Recommendations** Update to a version later than 23.12.19.

**Name of the Vulnerable Software and Affected Versions** LatePoint – Calendar Booking Plugin for Appointments and Events versions through 5.1.94 **Description** The LatePoint – Calendar Booking Plugin for Appointments and Events for WordPress is susceptible to Stored Cross-Site Scripting. The issue stems from inadequate input sanitization and output escaping in the `service[name]` parameter. This allows authenticated attackers with administrator-level access to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. This only affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** Update LatePoint – Calendar Booking Plugin for Appointments and Events to a version later than 5.1.94.

**Name of the Vulnerable Software and Affected Versions** PAD CMS (affected versions not specified) **Description** The software’s photo upload functionality allows a remote attacker to upload files of any type and extension without restriction due to a client-controlled permission check parameter. This can lead to Remote Code Execution. The issue affects all three templates: `www`, `bip`, and `ww+bip`. The product is End-Of-Life and the producer will not release patches for this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PAD CMS (affected versions not specified) **Description** The file upload functionality in PAD CMS allows an unauthenticated remote attacker to upload files of any type and extension without restriction. This is due to a client-controlled permission check parameter. Successful exploitation can lead to Remote Code Execution. The issue affects all three templates: www, bip, and ww+bip. The product is End-Of-Life and the producer will not publish patches for this vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GOV CMS versions prior to 4.0 **Description** The input from the search query parameter in GOV CMS is not properly sanitized, leading to a Blind SQL injection. This could be exploited by an unauthenticated remote attacker. **Recommendations** Ensure proper sanitization of input from the search query parameter.

Name of the Vulnerable Software and Affected Versions: QuickCMS version 6.8 QuickCMS (affected versions not specified) Description: QuickCMS is vulnerable to Stored Cross-Site Scripting (XSS) in the `sTitle` parameter within the page editor functionality. A malicious attacker with admin privileges can inject arbitrary HTML and JavaScript into the website, which will be rendered and executed when visiting the edited page. A regular admin user is not able to inject any JavaScript scripts into the page. The vendor was notified about this issue but did not respond with details regarding vulnerable version ranges. Recommendations: QuickCMS version 6.8: As a temporary workaround, sanitize the `sTitle` input to prevent the injection of malicious HTML and JavaScript code. QuickCMS (affected versions not specified): As a temporary workaround, sanitize the `sTitle` input to prevent the injection of malicious HTML and JavaScript code.

Name of the Vulnerable Software and Affected Versions: QuickCMS.EXT version 6.8 QuickCMS.EXT (affected versions not specified) Description: QuickCMS.EXT is susceptible to a Reflected Cross-Site Scripting (XSS) issue within the thumbnail viewer functionality. An attacker can create a malicious URL that, when opened, leads to the execution of arbitrary JavaScript code in the victim’s browser. The vulnerability resides in the `sFileName` parameter. Recommendations: QuickCMS.EXT version 6.8: Address the vulnerability by sanitizing or validating the `sFileName` parameter within the thumbnail viewer functionality to prevent the injection of malicious scripts. QuickCMS.EXT (affected versions not specified): Address the vulnerability by sanitizing or validating the `sFileName` parameter within the thumbnail viewer functionality to prevent the injection of malicious scripts.

Name of the Vulnerable Software and Affected Versions: QuickCMS version 6.8 QuickCMS (affected versions not specified) Description: QuickCMS is vulnerable to Cross-Site Request Forgery in the article creation functionality. A malicious attacker can craft a special website that, when visited by an administrator, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified about this issue but did not respond with details or a vulnerable version range. Recommendations: QuickCMS version 6.8: Mitigate this issue by implementing CSRF tokens or other appropriate security measures to protect the article creation functionality. QuickCMS (affected versions not specified): Implement CSRF tokens or other appropriate security measures to protect the article creation functionality.

Name of the Vulnerable Software and Affected Versions: Lepszy BIP (affected versions not specified) Description: Lepszy BIP is susceptible to a Reflected Cross-Site Scripting (XSS) issue. Insufficient input validation within the `index.php` form allows for the execution of arbitrary JavaScript code in a victim’s browser through a specially crafted URL. The vendor was contacted regarding this disclosure but did not respond. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Articles Calendar versions 1.0.0 through 1.0.1.0007 **Description** A SQL injection issue exists in the Articles Calendar extension for Joomla. This allows attackers to execute arbitrary SQL commands. **Recommendations** Update Articles Calendar to a version later than 1.0.1.0007.

**Name of the Vulnerable Software and Affected Versions** Articles Good Search extension for Joomla versions 1.0.0 through 1.2.4.0011 **Description** A SQL injection issue exists in the Articles Good Search extension for Joomla. This allows attackers to execute arbitrary SQL commands. **Recommendations** Update Articles Good Search extension to a version later than 1.2.4.0011.

**Name of the Vulnerable Software and Affected Versions** Balbooa Forms versions 1.0.0 through 2.3.1.1 **Description** A SQL injection issue exists in the Balbooa Forms plugin for Joomla. Privileged users can execute arbitrary SQL commands through the `id` parameter. **Recommendations** Balbooa Forms versions 1.0.0 through 2.3.1.1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Balbooa Gallery plugin versions 1.0.0 through 2.4.0 **Description** A stored cross-site scripting (XSS) issue exists in the Balbooa Gallery plugin for Joomla. Privileged users can store malicious scripts within gallery items. **Recommendations** Update Balbooa Gallery plugin to a version later than 2.4.0.

**Name of the Vulnerable Software and Affected Versions** RSMail! versions 1.19.20 through 1.22.26 **Description** A reflected cross-site scripting (XSS) issue exists in the RSMail! component for Joomla. The issue allows remote attackers to inject arbitrary web script or HTML via a manipulated parameter. **Recommendations** RSMail! versions 1.19.20 through 1.22.26: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RSFiles! component versions 1.16.3 through 1.17.7 **Description** A denial-of-service issue exists in the RSFiles! component of Joomla. The problem allows unauthenticated remote attackers to disrupt service access through the search feature. **Recommendations** Update RSFiles! component to a version later than 1.17.7.

**Name of the Vulnerable Software and Affected Versions** RSDirectory! component versions 1.0.0 through 2.2.8 **Description** A stored cross-site scripting (XSS) issue exists in the RSDirectory! component. This allows remote authenticated attackers to inject arbitrary web script or HTML via the review reply component. **Recommendations** Update RSDirectory! component to a version later than 2.2.8.

**Name of the Vulnerable Software and Affected Versions** RSBlog! versions 1.11.6 through 1.14.5 **Description** A stored cross-site scripting (XSS) issue exists in the RSBlog! component for Joomla. The issue allows remote authenticated users to inject arbitrary web script or HTML code via the `jform[tags text]` parameter. **Recommendations** RSBlog! versions 1.11.6 through 1.14.5: Update the component to a newer, secure version. As a temporary workaround, sanitize the `jform[tags text]` parameter to prevent the injection of malicious scripts.