Mark Stanislav

Name of the Vulnerable Software and Affected Versions: IZON IP version 2.0.2 Description: The issue is related to a hard-coded password, which could potentially allow unauthorized access. Recommendations: For IZON IP version 2.0.2, update the device to remove the hard-coded password to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Fisher-Price Smart Toy Bear (affected versions not specified) **Description** The issue allows remote attackers to obtain sensitive information or modify data on the Fisher-Price Smart Toy Bear devices. This can be achieved by leveraging presence in an 802.11 network's coverage area and entering an account number. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpMoneyBooks versions prior to 1.0.3 **Description** The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `module` parameter of the index.php file. This is a directory traversal vulnerability. **Recommendations** For versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the index.php file or disabling the `module` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** phpPaleo versions 4.8b155 and earlier **Description** The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `lang` parameter of the index.php file. This is a directory traversal vulnerability. **Recommendations** For phpPaleo versions 4.8b155 and earlier, consider restricting access to the index.php file or the `lang` parameter to minimize the risk of exploitation until a patch is available. Avoid using the `lang` parameter with untrusted input.

**Name of the Vulnerable Software and Affected Versions** e-ticketing (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `password` parameter in the loginscript.php file. This can lead to unauthorized access and manipulation of database content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hotel Booking Portal version 0.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `country` parameter in the getcity.php file. **Recommendations** For Hotel Booking Portal version 0.1, consider restricting access to the getcity.php file until a patch is available. As a temporary workaround, avoid using the `country` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PHP Grade Book versions prior to 1.9.5 BETA **Description** The issue allows remote attackers to read the database. This is achieved through the 'admin/index.php' file when a 'SaveSQL' action is performed. **Recommendations** For versions prior to 1.9.5 BETA, update to version 1.9.5 BETA or later to resolve the issue. As a temporary workaround, consider restricting access to the 'admin/index.php' file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Aphpkb versions prior to 0.95.3 **Description** The issue allows remote attackers to execute arbitrary SQL commands, potentially leading to data manipulation or extraction. This can be achieved through various API endpoints, including "a viewusers.php" and "keysearch.php" via the `s` parameter, and for authenticated administrators, through "pending.php" via the `id` or `start` parameters, or "a authordetails.php" via the `aid` parameter. **Recommendations** For versions prior to 0.95.3, update to version 0.95.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable API endpoints, such as "a viewusers.php", "keysearch.php", "pending.php", and "a authordetails.php", until the update is applied. Additionally, limit the use of the vulnerable parameters `s`, `id`, `start`, and `aid` in these endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FocalMedia.Net Quick Polls versions prior to 1.0.2 **Description** The issue allows remote attackers to read or delete arbitrary files due to directory traversal vulnerabilities. This can be achieved by using a .. (dot dot) in the `p` parameter in either a preview or delete action to "index.php". **Recommendations** For versions prior to 1.0.2, update to version 1.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "index.php" file or disabling the preview and delete actions until a patch is available. Avoid using the `p` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Seo Panel version 2.2.0 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `default news` or `sponsors` cookies. These cookies are not properly handled by controllers such as `controllers/index.ctrl.php` or `controllers/settings.ctrl.php`. **Recommendations** For Seo Panel version 2.2.0, consider disabling the handling of `default news` and `sponsors` cookies in the affected controllers until a patch is available. Restrict access to `controllers/index.ctrl.php` and `controllers/settings.ctrl.php` to minimize the risk of exploitation. Avoid using the `default news` and `sponsors` cookies in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Pointter PHP Content Management System version 1.0 **Description** The issue allows remote attackers to bypass authentication and obtain administrative privileges. This is achieved by setting arbitrary values of the `auser` and `apass` cookies. **Recommendations** For Pointter PHP Content Management System version 1.0, as a temporary workaround, consider restricting access to administrative areas until a patch is available. Avoid using the `auser` and `apass` cookies for authentication purposes in the affected version. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Pulse CMS Basic versions prior to 1.2.9 **Description** The issue allows remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `p` parameter to "index.php". **Recommendations** For versions prior to 1.2.9, update to version 1.2.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Orbis CMS version 1.0.2 **Description** The issue allows remote authenticated users to execute arbitrary code by uploading a .php file to the `fileman file upload.php` script and then accessing it via a direct request to the file in the uploads directory. **Recommendations** For Orbis CMS version 1.0.2, consider restricting or disabling the file upload functionality in `fileman file upload.php` to prevent the execution of arbitrary code until a proper fix is available. Additionally, restrict access to the uploads directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WSN Links versions 5.0.x through 5.0.80 WSN Links versions 5.1.x through 5.1.50 WSN Links versions 6.0.x through 6.0.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `namecondition` or `namesearch` parameter in the "search.php" file. **Recommendations** For versions 5.0.x through 5.0.80, update to version 5.0.81 or later. For versions 5.1.x through 5.1.50, update to version 5.1.51 or later. For versions 6.0.x through 6.0.0, update to version 6.0.1 or later.