Loopspell

#18108 of 53,619
15 Total CVSS
Vulnerabilities · 2
High
2
PT-2020-17216
7.2
2020-12-16
Pluck · Pluck Cms · CVE-2020-29607
**Name of the Vulnerable Software and Affected Versions**
Pluck CMS versions prior to 4.7.13

**Description**
A file upload restriction bypass issue allows an admin privileged user to gain access to the host through the "manage files" functionality, potentially resulting in remote code execution.

**Recommendations**
For Pluck CMS versions prior to 4.7.13, update to version 4.7.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the "manage files" functionality for admin privileged users until the update is applied.

PT-2020-15842
7.8
2020-10-23
Fruitywifi · Fruitywifi · CVE-2020-24848
**Name of the Vulnerable Software and Affected Versions**
FruityWifi versions through 2.4

**Description**
The issue is related to an unsafe Sudo configuration, specifically `(ALL : ALL) NOPASSWD: ALL`, which allows an attacker to perform a system-level (root) local privilege escalation. This enables the attacker to gain complete persistent access to the local system.

**Recommendations**
For FruityWifi versions through 2.4, update the Sudo configuration to remove the `(ALL : ALL) NOPASSWD: ALL` setting to prevent local privilege escalation. As a temporary workaround, consider restricting the use of Sudo to minimize the risk of exploitation.