Nikhil Srivastava

**Name of the Vulnerable Software and Affected Versions** phpMyFAQ versions prior to 2.8.13 **Description** The issue allows remote authenticated users with certain permissions to execute arbitrary SQL commands. This is achieved via vectors involving the `restore` function. **Recommendations** For versions prior to 2.8.13, update to version 2.8.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the `restore` function for users with certain permissions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** phpMyFAQ versions prior to 2.8.13 **Description** The issue allows remote attackers to hijack the authentication of unspecified users for various requests, including deleting active users, deleting open questions, activating users, publishing FAQs, adding or deleting Glossary, adding or deleting FAQ news, adding or deleting comments, or adding votes. This is due to improper validation of CSRF tokens or a lack of a CSRF token. **Recommendations** For versions prior to 2.8.13, update to version 2.8.13 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive functions that are vulnerable to CSRF attacks until the update is applied.

**Name of the Vulnerable Software and Affected Versions** phpMyFAQ versions prior to 2.8.13 **Description** The issue allows remote authenticated users with certain permissions to read arbitrary attachments due to incorrect "download an attachment" permission checks. **Recommendations** For versions prior to 2.8.13, update to version 2.8.13 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** phpMyFAQ versions prior to 2.8.13 **Description** The issue allows remote authenticated users with admin privileges to bypass authorization. This can be achieved by crafting a specific instance ID parameter. **Recommendations** For versions prior to 2.8.13, update to version 2.8.13 or later to resolve the issue. As a temporary workaround, consider restricting access to admin privileges to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** phpMyFAQ versions prior to 2.8.13 **Description** The issue allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request. **Recommendations** For versions prior to 2.8.13, update to version 2.8.13 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CS-Cart versions prior to 4.1.1 **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the `settings file` or `data file` parameters to specific API endpoints, such as (a) "ampie.swf", (b) "amline.swf", or (c) "amcolumn.swf". **Recommendations** For versions prior to 4.1.1, update to version 4.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `ampie.swf`, `amline.swf`, and `amcolumn.swf` endpoints to minimize the risk of exploitation. Avoid using the `settings file` and `data file` parameters in these endpoints until the issue is resolved.