Khaelk138

**Name of the Vulnerable Software and Affected Versions** HRConvert2 versions prior to 3.3.8 **Description** The `sanitizeString()` function in `convertCore.php` fails to include backticks (`) and tabs (t) in its strip list. This allows user-supplied input to reach the `shell exec()` function, enabling the shell to interpret these characters and execute commands embedded within filenames. **Recommendations** Update to version 3.3.8. As a temporary workaround, restrict access to the `sanitizeString()` function in `convertCore.php` until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Aperi'Solve versions prior to 3.2.1 **Description** Aperi'Solve, an open-source steganalysis web platform, is susceptible to an unauthenticated remote code execution (RCE) vulnerability. When uploading a JPEG file, a user-provided password is directly incorporated into a bash command without proper sanitization or validation. This allows an attacker to achieve root-level RCE within the worker container, granting full read/write access to user-uploaded images, analysis results, and steganography passwords. The attacker can potentially pivot to dump the entire PostgreSQL database or manipulate the Redis job queue. If Docker socket mounting or host volume mounts are present, full host compromise is possible, including website defacement. The vulnerability affects the JPSeek analyzer functionality. **Recommendations** Update to version 3.2.1 or later.