Offensive-Ai

**Name of the Vulnerable Software and Affected Versions** phpMyFAQ versions prior to 4.0.18 **Description** The WebAuthn prepare endpoint, `/api/webauthn/prepare`, in versions prior to 4.0.18 lacks authentication, CSRF protection, captcha, or configuration checks. This allows unauthenticated attackers to create an unlimited number of user accounts, even when registration is disabled. The vulnerable parameter is not specified. **Recommendations** Update to version 4.0.18 or later.

**Name of the Vulnerable Software and Affected Versions** FreeScout versions prior to 1.8.206 **Description** FreeScout, a PHP-based help desk and shared inbox application built on the Laravel framework, contains a flaw in its file upload restrictions. Prior to version 1.8.206, the application does not prevent the upload of `.htaccess` and `.user.ini` files. On Apache servers configured with `AllowOverride All`, an authenticated user can upload a `.htaccess` file, potentially redefining file processing rules and enabling Remote Code Execution. This issue can be exploited independently or in conjunction with another issue. The vulnerable file is located at `app/Misc/Helper.php`. The `upload` functionality is affected. **Recommendations** Versions prior to 1.8.206 should be updated to version 1.8.206 or later.

**Name of the Vulnerable Software and Affected Versions** FreeScout versions prior to 1.8.206 **Description** FreeScout’s `TokenAuth` middleware generates authentication tokens using a predictable method: `MD5(user id + created at + APP KEY)`. These tokens are static and do not expire or rotate. If an attacker obtains the `APP KEY` – a common exposure vector in Laravel applications – they can compute a valid token for any user, including the administrator, leading to full account takeover without requiring a password. The `user id` and `created at` are components used in the token generation. **Recommendations** Upgrade to FreeScout version 1.8.206 or later.