Lorexxar

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 1.2.29 **Description** Cacti is an open source performance and fault management framework. It has a SQL injection vulnerability in the `get discovery results` function of `automation devices.php` using the `network` parameter. This vulnerability may allow a remote attacker to execute arbitrary code. **Recommendations** For versions prior to 1.2.29, update to version 1.2.29 or later to resolve the issue. As a temporary workaround, consider restricting access to the `automation devices.php` file or disabling the `get discovery results` function until a patch is available. Avoid using the `network` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 1.2.29 **Description** Cacti is an open source performance and fault management framework. It has a SQL injection vulnerability in the template function of host templates.php using the `graph template` parameter. This issue allows a remote attacker to execute arbitrary code due to inadequate protection of the SQL query structure. **Recommendations** For versions prior to 1.2.29, update to version 1.2.29 or later to resolve the issue. As a temporary workaround, consider restricting access to the `host templates.php` template function until a patch is available. Avoid using the `graph template` parameter in the affected template function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Roundcube versions prior to 4.4 **Description** The issue is related to a lack of protection for the web page structure, allowing a remote attacker to impact data integrity. It involves a Cross Site Scripting (XSS) issue, where an attacker can exploit the vulnerability through the database host and user in the /installer/test.php endpoint. **Recommendations** For versions prior to 4.4, update to version 4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the /installer/test.php endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Roundcube Webmail versions prior to 1.3.12 Roundcube Webmail versions 1.4.x prior to 1.4.5 **Description** The issue is related to insufficient protection measures for web page structures in Roundcube Webmail, allowing a remote attacker to impact data integrity. The problem is specifically with the `username` template object in `include/rcmail output html.php`, which allows for XSS attacks. **Recommendations** For Roundcube Webmail versions prior to 1.3.12, update to version 1.3.12 or later. For Roundcube Webmail versions 1.4.x prior to 1.4.5, update to version 1.4.5 or later. As a temporary workaround, consider restricting access to the `include/rcmail output html.php` file until a patch is available. Avoid using the `username` template object in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Roundcube Webmail versions prior to 1.3.12 Roundcube Webmail versions 1.4.x prior to 1.4.5 **Description** The issue is related to insufficient protection measures for web page structures in Roundcube Webmail, allowing a remote attacker to impact data integrity. There is a Cross-Site Scripting (XSS) vulnerability via a malicious XML attachment, as text/xml is among the allowed types for a preview. **Recommendations** For versions prior to 1.3.12, update to version 1.3.12 or later. For versions 1.4.x prior to 1.4.5, update to version 1.4.5 or later. As a temporary workaround, consider restricting the allowed types for preview to exclude text/xml until a patch is available.

**Name of the Vulnerable Software and Affected Versions** UpdraftPlus plugin versions 1.13.12 and earlier **Description** The issue allows remote PHP code execution due to a race condition in the `plupload action` function before deleting a file associated with the `name` parameter in `/wp-content/plugins/updraftplus/admin.php`. The vendor reports that this does not cross a privilege boundary. **Recommendations** For UpdraftPlus plugin versions 1.13.12 and earlier, update to a version later than 1.13.12 to resolve the issue. As a temporary workaround, consider restricting access to the `plupload action` function in `/wp-content/plugins/updraftplus/admin.php` to minimize the risk of exploitation. Avoid using the `name` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** UpdraftPlus plugin versions 1.13.12 and earlier **Description** The issue concerns a Server-Side Request Forgery (SSRF) in the `updraft ajax handler` function, located in `/wp-content/plugins/updraftplus/admin.php`, which can be exploited via an `httpget` subaction. The vendor has noted that this issue does not cross a privilege boundary. **Recommendations** For versions 1.13.12 and earlier, consider disabling the `updraft ajax handler` function as a temporary workaround until a patch is available. Restrict access to the `/wp-content/plugins/updraftplus/admin.php` file to minimize the risk of exploitation. Avoid using the `httpget` subaction in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FineCms versions through 5.0.10 **Description** The issue concerns a Cross Site Scripting (XSS) problem. It is located in the controllers/api.php file via the function parameter in a "c=api&m=data2" request. **Recommendations** For versions through 5.0.10, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** FineCms version 5.0.9 **Description** The issue concerns remote PHP code execution via the `param` parameter in an "action=cache" request to "libraries/Template.php", which is an example of Eval Injection. **Recommendations** For FineCms version 5.0.9, consider restricting access to the "libraries/Template.php" file to minimize the risk of exploitation, and avoid using the `param` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** dayrui FineCms version 5.0.9 **Description** The issue concerns a Cross Site Scripting (XSS) problem. It occurs in the admin/Login.php file when a specific payload is entered into the `username` field, provided the payload does not start with a '<' character. **Recommendations** For dayrui FineCms version 5.0.9, as a temporary workaround, consider validating and sanitizing user input in the `username` field to prevent XSS attacks. Restrict access to the admin/Login.php file until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** FineCms version 5.0.9 **Description** The issue concerns a SQL Injection flaw. It can be exploited via the `num` parameter in requests to "libraries/Template.php" with either "action=related" or "action=tags". **Recommendations** For FineCms version 5.0.9, avoid using the `num` parameter in the affected API endpoint until the issue is resolved. Consider restricting access to the "libraries/Template.php" file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FineCms version 5.0.9 **Description** The issue is related to SQL Injection, which can be exploited via the `catid` parameter in an "action=related" request to the "libraries/Template.php" endpoint. **Recommendations** For FineCms version 5.0.9, avoid using the `catid` parameter in the affected API endpoint until the issue is resolved. Consider restricting access to the "libraries/Template.php" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FineCms version 5.0.9 **Description** The issue concerns a SQL Injection flaw. It can be exploited via the `field` parameter in requests to "libraries/Template.php" with specific actions such as "module", "member", "form", or "related". **Recommendations** For FineCms version 5.0.9, avoid using the `field` parameter in the affected API endpoint until the issue is resolved. Consider restricting access to the "libraries/Template.php" file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dayrui FineCms version 5.0.9 **Description** The issue concerns URL Redirector Abuse via the `url` parameter in a sync action, related to the controllers/Weixin.php file. **Recommendations** For dayrui FineCms version 5.0.9, consider restricting access to the `url` parameter in the sync action to minimize the risk of exploitation. Avoid using the `url` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FineCMS through 2017-07-12 **Description** The issue allows for XSS in visitors.php due to the lack of restriction on JavaScript in visited URLs, both during logging and when reading logs. **Recommendations** For FineCMS through 2017-07-12, restrict JavaScript in visited URLs during logging and when reading logs to prevent XSS exploitation.

**Name of the Vulnerable Software and Affected Versions** FineCMS through 2017-07-12 **Description** The issue allows remote authenticated admins to conduct XSS attacks by uploading an image via a route=images action in the application/core/controller/images.php file. **Recommendations** For FineCMS through 2017-07-12, consider restricting image upload capabilities for authenticated admins until a fix is available. As a temporary workaround, avoid using the image upload feature via the route=images action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FineCMS versions prior to 2017-07-12 **Description** A SQL Injection issue exists via the `visitor ip` parameter in the application/core/controller/excludes.php file. **Recommendations** For FineCMS versions prior to 2017-07-12, avoid using the `visitor ip` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FineCMS versions prior to 2017-07-12 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `folder`, `id`, or `name` parameter in the `/application/lib/ajax/get image.php` API endpoint. **Recommendations** For versions prior to 2017-07-12, as a temporary workaround, consider restricting access to the `/application/lib/ajax/get image.php` endpoint until a patch is available. Avoid using the `folder`, `id`, or `name` parameters in this endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WP Statistics plugin versions prior to 12.0.10 **Description** The issue concerns a security problem where an attacker can execute malicious scripts. This is possible due to improper validation of user input in the `rangestart` and `rangeend` parameters on the "wps referrers page" page. **Recommendations** For WP Statistics plugin versions prior to 12.0.10, update to version 12.0.10 or later to resolve the issue.