Liquidsky

**Name of the Vulnerable Software and Affected Versions** FUDForum version 3.0.9 **Description** The issue allows for Stored XSS via the User-Agent HTTP header, potentially resulting in remote code execution. An attacker can compromise the system by using a user account and sending a GET request. When an admin views user information under "User Manager" in the control panel, the malicious payload will execute, enabling the writing of PHP files to the web root and execution of code on the remote server. The problem is located in the admsession.php and admuser.php files. **Recommendations** For FUDForum version 3.0.9, consider disabling the User-Agent HTTP header processing in admsession.php and admuser.php as a temporary workaround until a patch is available. Restrict access to the "User Manager" section in the control panel to minimize the risk of exploitation. Avoid using the User-Agent header in GET requests to the affected system until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ATutor version 2.2.4 **Description** The issue allows for arbitrary file upload and directory traversal, resulting in remote code execution. This can be achieved by including a ".." pathname in a ZIP archive uploaded to specific components, such as the Import New Language or Patcher component, which are accessed through the mods/ core/languages/language import.php or mods/ standard/patcher/index admin.php endpoints. **Recommendations** For ATutor version 2.2.4, consider restricting access to the `language import.php` and `index admin.php` files until a patch is available. As a temporary workaround, avoid using the ZIP archive upload feature in the Import New Language and Patcher components to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** eLabFTW version 1.8.5 **Description** The issue allows for arbitrary file uploads via the /app/controllers/EntityController.php component, potentially resulting in remote command execution. An attacker can use a user account to fully compromise the system by sending a POST request, enabling them to write PHP files to the web root and execute code on the remote server. **Recommendations** For eLabFTW version 1.8.5, consider restricting access to the EntityController.php component as a temporary workaround until a patch is available. Avoid using the vulnerable component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ATutor versions prior to 2.2.5 **Description** The issue allows for arbitrary file uploads via the "mods/ core/backups/upload.php" component, potentially resulting in remote command execution. An attacker can use an instructor account to fully compromise the system by uploading a crafted backup ZIP archive, enabling them to write PHP files to the web root and execute code on the remote server. **Recommendations** For ATutor versions prior to 2.2.5, update to version 2.2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the "mods/ core/backups/upload.php" component to minimize the risk of exploitation.