Langkexiansheng

Name of the Vulnerable Software and Affected Versions: FOGProject version 1.5.9 Description: The issue is related to a File Upload Remote Code Execution (RCE) that requires authentication. Recommendations: For FOGProject version 1.5.9, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PageKit version 1.0.18 Description: The issue allows a user to upload SVG files that can contain malicious scripts through the file upload portion of the CMS. These files are not stripped or filtered, enabling the creation of a link on the website that points to the malicious SVG file, such as "/storage/exp.svg", which can trigger a XSS attack when clicked. Recommendations: For PageKit version 1.0.18, consider disabling the file upload feature for SVG files until a patch is available, and restrict access to the "/storage/" directory to minimize the risk of exploitation.