Kietna-68

**Name of the Vulnerable Software and Affected Versions** Opensis-Classic version 8.0 **Description** The issue allows an unauthenticated user to inject and execute JavaScript code through the `link url` parameter in Ajax url encode.php, resulting in cross-site scripting (XSS). **Recommendations** For Opensis-Classic version 8.0, consider restricting access to the Ajax url encode.php file or disabling the `link url` parameter to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Opensis-Classic version 8.0 **Description** The issue is caused by a lack of sanitization of input data at two parameters `usrid` and `prof id` in the PasswordCheck.php file, leading to a SQL injection vulnerability. **Recommendations** For Opensis-Classic version 8.0, consider disabling the PasswordCheck.php file or restricting access to the `usrid` and `prof id` parameters until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Projectsend version r1295 **Description** The issue allows a user with an uploader role to download and edit all files of users in the application due to a lack of authorization checks in the `ids` parameter in files-edit.php and the `id` parameter in the process.php function. **Recommendations** For Projectsend version r1295, consider disabling the `process.php` function and restricting access to the `files-edit.php` file until a patch is available. Avoid using the `ids` and `id` parameters in the affected files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Projectsend version r1295 **Description** The issue allows a user with the Uploader role to bypass `fileName` sanitization by setting the value of the `chunks` parameter to `2`, potentially leading to a directory traversal vulnerability. **Recommendations** For Projectsend version r1295, as a temporary workaround, consider restricting the `chunks` parameter to prevent it from being set to `2` until a patch is available. Avoid using the `chunks` parameter with a value of `2` in the affected functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Projectsend version r1295 **Description** The issue is related to a directory traversal vulnerability. Due to a lack of sanitization for the `files[]` parameter, an attacker can exploit this by adding ../ to move PHP files or any file on the system with permissions to the /upload/files/ folder. **Recommendations** For Projectsend version r1295, consider restricting access to the `files[]` parameter to prevent directory traversal attacks until a patch is available. As a temporary workaround, avoid using the `files[]` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Projectsend version r1295 **Description** The issue is caused by a lack of sanitization when echoing output data in the `returnFilesIds()` function, allowing a low privilege user to execute scripting code through the process.php file. This is a Cross Site Scripting (XSS) issue. **Recommendations** For Projectsend version r1295, consider disabling the `returnFilesIds()` function until a patch is available to prevent exploitation. Restrict access to the process.php file to minimize the risk of scripting code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CMSUno version 1.7.2 **Description** The issue allows for PHP code execution. It occurs in the `sauvePass` action within the `{webroot}/uno/central.php` file, which uses the `file put contents()` function to write the `username` in the `password.php` file when a user successfully changes their password. An attacker can inject malicious PHP code into `password.php` and then use the login function to execute the code. **Recommendations** For CMSUno version 1.7.2, consider disabling the `sauvePass` action in the `{webroot}/uno/central.php` file as a temporary workaround until a patch is available. Restrict access to the `password.php` file to minimize the risk of exploitation. Avoid using the `file put contents()` function to write user input to files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.