Kietna

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions prior to 2.6.3 **Description** The issue allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the `run id` parameter. This is considered a low-risk issue as it requires an authenticated user to exploit it. **Recommendations** For Apache Airflow versions prior to 2.6.3, upgrade to a version that is not affected to resolve the issue. As a temporary workaround, consider restricting access to the `run id` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHPFusion version 9.03.110 **Description** The issue concerns an arbitrary file upload vulnerability. Specifically, the File Manager function in the admin panel does not filter all PHP extensions, such as `.php`, `.php7`, `.phtml`, `.php5`, etc. This allows an attacker to upload a malicious file and execute code on the server. **Recommendations** For PHPFusion version 9.03.110, consider disabling the File Manager function in the admin panel until a patch is available to prevent the upload of malicious files. Restrict access to the admin panel to minimize the risk of exploitation. Avoid using the File Manager function to upload files with PHP extensions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PHPFusion version 9.03.110 **Description** The issue allows for remote code execution. The theme function extracts a file to "webroot/themes/{Theme Folder}", enabling an attacker to access and execute arbitrary code. **Recommendations** For PHPFusion version 9.03.110, as a temporary workaround, consider disabling the theme function until a patch is available. Restrict access to the "webroot/themes/{Theme Folder}" directory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dzzoffice version 2.02.1 **Description** The issue is related to cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in `webroot/dzz/attach/Uploader.class.php` and a wrong response in content-type of output data in `webroot/dzz/attach/controller.php`. **Recommendations** For Dzzoffice version 2.02.1, ensure proper sanitization of input data in the upload functions within `Uploader.class.php` and correct the response content-type in `controller.php` to prevent XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPFusion version 9.03.110 **Description** The issue is related to cross-site scripting (XSS) in the preg patterns filter html tag without "//" in the `descript()` function. An authenticated user can trigger XSS by appending "//" at the end of the text. **Recommendations** For PHPFusion version 9.03.110, consider disabling the `descript()` function until a patch is available to prevent exploitation. Restrict access to the html tag filter to minimize the risk of XSS attacks. Avoid appending "//" at the end of text in the affected function to prevent triggering the issue.

Name of the Vulnerable Software and Affected Versions: Eyoucms version 1.5.4 Description: The issue is related to a lack of sanitization of input data, allowing an attacker to inject malicious code into the `filename` parameter to trigger Reflected XSS. Recommendations: For Eyoucms version 1.5.4, consider sanitizing the `filename` parameter to prevent malicious code injection until a patch is available. As a temporary workaround, restrict access to the `filename` parameter in the affected endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: PHPMyWind version 5.6 Description: The issue allows for Remote Code Execution due to insufficient input filtering. Specifically, the lack of filtering for characters like `<, >, ?, =, `, etc., enables an attacker to inject PHP code into the `/include/config.cache.php` file through the `WriteConfig()` function. Recommendations: For PHPMyWind version 5.6, consider disabling the `WriteConfig()` function until a patch is available to prevent potential code injection attacks. Restrict access to the `/include/config.cache.php` file to minimize the risk of exploitation. Avoid using unfiltered input in the affected function to mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: eyoucms version 1.5.4 Description: The issue lacks sanitization of input data, allowing an attacker to inject a URL and trigger blind Server-Side Request Forgery (SSRF) via the `saveRemote()` function. Recommendations: For eyoucms version 1.5.4, as a temporary workaround, consider disabling the `saveRemote()` function until a patch is available. Restrict access to the `saveRemote()` function to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: EyouCMS version 1.5.4 Description: A Cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in the bind email function. This enables attackers to execute malicious scripts on the victim's browser, potentially leading to unauthorized actions or data theft. Recommendations: For EyouCMS version 1.5.4, consider restricting access to the bind email function or sanitizing the `title` parameter to prevent injection of malicious scripts until a patch is available. As a temporary workaround, avoid using the `title` parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Eyoucms version 1.5.4 Description: The issue is related to a lack of input data sanitization in parameters `tpldir`, `filename`, `type`, and `nid`. This allows an attacker to inject "../" and escape, potentially writing files to writable directories. Recommendations: For Eyoucms version 1.5.4, consider restricting access to the parameters `tpldir`, `filename`, `type`, and `nid` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: EyouCMS version 1.5.4 Description: The issue allows an attacker to redirect a user to a malicious URL via the Logout function, exploiting an Open Redirect weakness. Recommendations: For EyouCMS version 1.5.4, update to a newer version that contains a fix for this issue, as using the Logout function can lead to redirection to malicious URLs. At the moment, there is no information about a newer version that contains a fix for this vulnerability.