Minotauro2020

**Name of the Vulnerable Software and Affected Versions** PHPJabbers Limo Booking Software version 1.0 **Description** The issue allows for Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function. This can be achieved through the "index.php?controller=pjAdminUsers&action=pjActionCreate" URI. **Recommendations** For PHPJabbers Limo Booking Software version 1.0, consider disabling the Add Users Function until a patch is available to prevent exploitation. Restrict access to the "index.php?controller=pjAdminUsers&action=pjActionCreate" URI to minimize the risk of CSRF attacks.

**Name of the Vulnerable Software and Affected Versions** mooSocial MooSocial Software version Demo **Description** The issue allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions. This is a Cross Site Request Forgery vulnerability. **Recommendations** For mooSocial MooSocial Software version Demo, consider disabling the Delete Account and Deactivate functions as a temporary workaround until a patch is available. Restrict access to these functions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** mooSocial Software versions 3.1.6 through 3.1.7 **Description** The issue allows a remote attacker to execute arbitrary code via a crafted script to the `edit menu`, `copuon`, and `group categorias` functions. This enables the attacker to perform actions such as executing arbitrary code. **Recommendations** For versions 3.1.6 and 3.1.7, consider disabling the `edit menu`, `copuon`, and `group categorias` functions until a patch is available to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.