Mohab Ali

**Name of the Vulnerable Software and Affected Versions** Web Reference Database (refbase) versions through 0.9.6 **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of arbitrary users. **Recommendations** For versions through 0.9.6, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Web Reference Database (aka refbase) versions prior to 0.9.7 **Description** The issue allows remote attackers to execute arbitrary commands via the `adminPassword` parameter. **Recommendations** For versions prior to 0.9.7, update to version 0.9.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** refbase versions prior to 0.9.7 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `where` parameter to "rss.php" or the `sqlQuery` parameter to "search.php". **Recommendations** For versions prior to 0.9.7, update to version 0.9.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the "rss.php" and "search.php" scripts until a patch is available. Avoid using the `where` and `sqlQuery` parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Web Reference Database (refbase) versions through 0.9.6 Web Reference Database (refbase) bleeding-edge versions before 2015-01-08 **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via several parameters, including `errorNo` and `errorMsg` in the error.php endpoint "/error.php", `viewType` in the duplicate manager.php endpoint "/duplicate manager.php", and multiple parameters in the query manager.php endpoint "/query manager.php", such as `queryAction`, `displayType`, `citeOrder`, `sqlQuery`, `showQuery`, `showLinks`, `showRows`, and `queryID`. Additionally, the `sourceText` and `sourceIDs` parameters in the import.php endpoint "/import.php", and the `typeName` and `fileName` parameters in the modify.php endpoint "/modify.php" are also vulnerable. **Recommendations** For Web Reference Database (refbase) versions through 0.9.6, update to a version after 0.9.6. For Web Reference Database (refbase) bleeding-edge versions before 2015-01-08, update to a version after 2015-01-08. As a temporary workaround, consider restricting access to the vulnerable endpoints, such as "/error.php", "/duplicate manager.php", "/query manager.php", "/import.php", and "/modify.php", until a patch is available. Avoid using the vulnerable parameters, such as `errorNo`, `errorMsg`, `viewType`, `queryAction`, `displayType`, `citeOrder`, `sqlQuery`, `showQuery`, `showLinks`, `showRows`, `queryID`, `sourceText`, `sourceIDs`, `typeName`, and `fileName`, in the affected endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Web Reference Database (aka refbase) versions prior to 0.9.6 and bleeding-edge versions prior to 2015-01-08 **Description** The issue allows remote attackers to conduct XML injection attacks. This can be achieved via two parameters: the `id` parameter to the "unapi.php" endpoint or the `stylesheet` parameter to the "sru.php" endpoint. **Recommendations** For versions prior to 0.9.6, update to version 0.9.6 or later to resolve the issue. For bleeding-edge versions prior to 2015-01-08, ensure you are using a version from 2015-01-08 or later. As a temporary workaround, consider restricting access to the "unapi.php" and "sru.php" endpoints until a patch is available. Avoid using the `id` parameter in the "unapi.php" endpoint and the `stylesheet` parameter in the "sru.php" endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** refbase versions prior to 0.9.6 refbase bleeding-edge versions prior to 2015-01-08 **Description** The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the `referrer` parameter. This can be exploited to trick users into revealing sensitive information. **Recommendations** For refbase versions prior to 0.9.6, update to version 0.9.6 or later to resolve the issue. For refbase bleeding-edge versions prior to 2015-01-08, update to a version released after 2015-01-08 to resolve the issue. As a temporary workaround, consider restricting access to the `referrer` parameter to minimize the risk of exploitation.