Neo

**Name of the Vulnerable Software and Affected Versions** Crawl4AI versions prior to 0.8.0 **Description** Crawl4AI is affected by a remote code execution issue in the Docker API deployment. The `/crawl` endpoint accepts a `hooks` parameter containing Python code that is executed using `exec()`. The inclusion of the ` import ` builtin within the allowed builtins enables unauthenticated remote attackers to import arbitrary modules and execute system commands. Successful exploitation can lead to full server compromise, including arbitrary command execution, file read and write access, sensitive data exfiltration, and lateral movement within internal networks. The `/crawl` API endpoint is vulnerable due to the acceptance of a `hooks` parameter. This parameter contains Python code that is executed using the `exec()` function. The ` import ` function was present in the allowed builtins, allowing attackers to import arbitrary modules and execute system commands. An example attack vector involves sending a POST request to the `/crawl` endpoint with a JSON payload containing malicious code within the `hooks` parameter. **Recommendations** Versions prior to 0.8.0 should be upgraded to version 0.8.0. If an immediate upgrade is not possible, disable the Docker API. Alternatively, block the `/crawl` endpoint at the network level. Add authentication to the API.

**Name of the Vulnerable Software and Affected Versions** Crawl4AI versions prior to 0.8.0 **Description** Crawl4AI is affected by a local file inclusion issue in its Docker API deployment. The `/execute js`, `/screenshot`, `/pdf`, and `/html` API endpoints accept `file://` URLs, which allows unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can access sensitive files such as `/etc/passwd`, `/etc/shadow`, application configuration files, and environment variables via `/proc/self/environ`, potentially exposing credentials, API keys, and internal application structure. An example attack vector involves sending a POST request to the `/execute js` endpoint with a `url` parameter set to `file:///etc/passwd` and a `scripts` parameter. **Recommendations** Versions prior to 0.8.0: Disable the Docker API. Versions prior to 0.8.0: Add authentication to the API. Versions prior to 0.8.0: Use network-level filtering.

Name of the Vulnerable Software and Affected Versions: phpSmartCom version 0.2 Description: The issue allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the `p` parameter in the "index.php" file. This is a directory traversal vulnerability. Recommendations: For phpSmartCom version 0.2, consider restricting access to the `p` parameter in the "index.php" file to minimize the risk of exploitation. As a temporary workaround, avoid using the `p` parameter with untrusted input until a patch is available.

Name of the Vulnerable Software and Affected Versions: phpSmartCom version 0.2 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `uid` parameter in a 'viewprofile' action to 'index.php'. Recommendations: For phpSmartCom version 0.2, consider restricting access to the 'viewprofile' action in 'index.php' to minimize the risk of exploitation, and avoid using the `uid` parameter until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** phpBB (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the mod.php file of the datenbank module. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpBB (affected versions not specified) **Description** The issue is related to a cross-site scripting (XSS) vulnerability. It affects the mod.php file in the datenbank module, allowing remote attackers to inject arbitrary web script or HTML via the `id` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** forumKIT version 1.0 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `members` parameter in the f.aspx file. **Recommendations** For forumKIT version 1.0, consider restricting access to the f.aspx file until a patch is available, and avoid using the `members` parameter in this file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.