Liotree

Name of the Vulnerable Software and Affected Versions: Cacti versions 1.3.x Description: A reflected cross-site scripting issue in Cacti allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies. This is related to the lack of measures to neutralize special elements in the display settings function, which can be exploited by a remote attacker to perform cross-site scripting using cookie forgery. Recommendations: For versions 1.3.x, update to a version that includes the fix for this issue, specifically the commit a38b9046e9772612fda847b46308f9391a49891e. As a temporary workaround, consider restricting access to the display settings function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ecommerce-CodeIgniter-Bootstrap (affected versions not specified) **Description** The issue allows a remote attacker to execute arbitrary code via the `getLangFolderForEdit` method of the `Languages.php` component. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ecommerce-CodeIgniter-Bootstrap version d22b54e8915f167a135046ceb857caaf8479c4da **Description** The issue allows a remote attacker to execute arbitrary code via the `manageQuantitiesAndProcurement` method of the `Orders model.php` component. This is a SQL Injection vulnerability. **Recommendations** For version d22b54e8915f167a135046ceb857caaf8479c4da, consider disabling the `manageQuantitiesAndProcurement` method of the `Orders model.php` component as a temporary workaround until a patch is available. Restrict access to the `Orders model.php` component to minimize the risk of exploitation. Avoid using the `manageQuantitiesAndProcurement` method in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ecommerce-CodeIgniter-Bootstrap (affected versions not specified) **Description** An issue in Ecommerce-CodeIgniter-Bootstrap allows a remote attacker to execute arbitrary code via the `saveLanguageFiles` method of the `Languages.php` component. This issue can lead to privilege escalation. It is recommended to review the code for validation gaps and limit file write destinations to prevent remote attacks. **Recommendations** As a temporary workaround, consider disabling the `saveLanguageFiles` method of the `Languages.php` component until a patch is available. Restrict access to the `Languages.php` component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ecommerce-CodeIgniter-Bootstrap version d22b54e8915f167a135046ceb857caaf8479c4da **Description** The issue allows a remote attacker to execute arbitrary code via the `removeSecondaryImage` method of the `Publish.php` component. This enables the attacker to perform unauthorized actions on the system. **Recommendations** For version d22b54e8915f167a135046ceb857caaf8479c4da, consider disabling the `removeSecondaryImage` method of the `Publish.php` component as a temporary workaround until a patch is available. Restrict access to the `Publish.php` component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** onethink version 1.1 **Description** An issue in the software allows a remote attacker to execute arbitrary code via a crafted script to the `AddonsController.class.php` component. **Recommendations** For onethink version 1.1, consider disabling access to the `AddonsController.class.php` component until a patch is available. Restrict the execution of arbitrary code to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** hisiphp version 2.0.111 **Description** An issue in hisiphp allows a remote attacker to execute arbitrary code via a crafted script to the `SystemPlugins::mkInfo` parameter in the SystemPlugins.php component. **Recommendations** For hisiphp version 2.0.111, consider disabling access to the SystemPlugins.php component or restricting the use of the `SystemPlugins::mkInfo` parameter until a patch is available. Avoid using the `SystemPlugins::mkInfo` parameter in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** onethink version 1.1 **Description** A SQL injection issue allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component. **Recommendations** For onethink version 1.1, consider restricting access to the ModelModel.class.php component until a patch is available. As a temporary workaround, avoid using user-supplied input in SQL queries to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gleez Cms version 1.2.0 **Description** The issue allows remote attackers to execute arbitrary code and obtain sensitive information via modules/gleez/classes/request.php. This is a Server Side Request Forgery (SSRF) vulnerability. **Recommendations** For Gleez Cms version 1.2.0, consider disabling the request.php file in the modules/gleez/classes directory as a temporary workaround until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the vulnerable request.php file in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Cacti versions 1.3.x **Description** A command injection vulnerability allows any unauthenticated user to execute arbitrary commands on the server when the `register argc argv` option of PHP is `On`. The vulnerability is located in `cmd realtime.php` and is exploited through the `$poller id` variable, which can be controlled by URL when `register argc argv` is `On`. This option is `On` by default in many environments. **Recommendations** For Cacti version 1.3.x, consider disabling the `cmd realtime.php` functionality until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the `poller id` variable in the affected API endpoint until the issue is resolved. Update to a version that includes the patch for the issue, as commit 53e8014d1f082034e0646edc6286cde3800c683d contains a fix, but ensure it is not reverted like in commit 99633903cad0de5ace636249de16f77e57a3c8fc. Note: The provided information does not include details about the number of potentially affected devices or real-world incidents.

**Name of the Vulnerable Software and Affected Versions** Razor version 0.8.0 **Description** The issue allows a remote attacker to escalate privileges via the ChannelModel::updateapk method of the channelmodle.php. This is a SQL Injection vulnerability. **Recommendations** For Razor version 0.8.0, consider disabling the ChannelModel::updateapk method of the channelmodle.php until a patch is available. Restrict access to the channelmodle.php to minimize the risk of exploitation. Avoid using the ChannelModel::updateapk method in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 1.2.27 **Description** Cacti provides an operational monitoring and fault management framework. A SQL injection vulnerability in the `automation get new graphs sql` function of `api automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api automation.php` line 856, the `get request var('filter')` is being concatenated into the SQL statement without any sanitization. In `api automation.php` line 717, the filter of `'filter'` is `FILTER DEFAULT`, which means there is no filter for it. **Recommendations** For versions prior to 1.2.27, update to version 1.2.27 to resolve the issue. As a temporary workaround, consider disabling the `automation get new graphs sql` function until a patch is available. Restrict access to the `api automation.php` file to minimize the risk of exploitation. Avoid using the `get request var('filter')` variable in the affected API endpoint until the issue is resolved.