Osirys

**Name of the Vulnerable Software and Affected Versions** CMS Faethon version 2.2.0 Ultimate **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. The issue is related to the `item` parameter in the "info.php" file. **Recommendations** For CMS Faethon version 2.2.0 Ultimate, consider restricting access to the `info.php` file or the `item` parameter to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Bloggeruniverse Beta 2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is possible via the `id` parameter in editcomments.php when magic quotes gpc is disabled. **Recommendations** For Bloggeruniverse Beta 2, consider disabling the use of the `id` parameter in editcomments.php or enabling magic quotes gpc to minimize the risk of exploitation. Additionally, restrict access to editcomments.php to prevent unauthorized SQL command execution.

Name of the Vulnerable Software and Affected Versions: 2532|Gigs version 1.2.2 Stable Description: The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `language` parameter to various PHP files, including "settings.php", "deleteuser.php", "mini calendar.php", "manage venues.php", and "manage gigs.php", when register globals is enabled and magic quotes gpc is disabled. Recommendations: For 2532|Gigs version 1.2.2 Stable, consider disabling the `register globals` setting and enabling `magic quotes gpc` to mitigate the risk of exploitation. Additionally, restrict access to the vulnerable PHP files, such as "settings.php", "deleteuser.php", "mini calendar.php", "manage venues.php", and "manage gigs.php", to minimize the risk of arbitrary file inclusion. Avoid using the `language` parameter in the affected files until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: 2532|Gigs version 1.2.2 Description: The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the `upload flyer.php` file, and then accessing it via a direct request to the file in `flyers/`. Recommendations: For version 1.2.2, consider restricting access to the `upload flyer.php` file to prevent unauthorized file uploads until a patch is available. Additionally, restrict access to the `flyers/` directory to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: X-Forum version 0.6.2 Description: A static code injection issue allows remote authenticated administrators to inject arbitrary PHP code into Config.php via the `adminEMail` parameter to "SaveConfig.php" API endpoint. Recommendations: For X-Forum version 0.6.2, avoid using the `adminEMail` parameter in the SaveConfig.php endpoint until the issue is resolved. Consider restricting access to the SaveConfig.php endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: X-Forum version 0.6.2 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is demonstrated via the `cookie username` parameter to "Configure.php". The `xforum validateUser` function in Common.php is affected. Recommendations: For X-Forum version 0.6.2, avoid using the `cookie username` parameter in the affected "Configure.php" until the issue is resolved. As a temporary workaround, consider restricting access to the `xforum validateUser` function in Common.php to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: YourPlace versions 1.0.2 and earlier Description: The issue allows remote authenticated users to execute arbitrary PHP code via specific parameters. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents where this issue was exploited. Technical details about exploitation include the use of parameters such as `fav1 url`, `fav1 name`, `fav2 url`, `fav2 name`, `fav3 url`, `fav3 name`, `fav4 url`, `fav4 name`, `fav5 url`, and `fav5 name` to inject code into the system. Recommendations: For YourPlace versions 1.0.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: YourPlace versions 1.0.2 and earlier Description: The issue allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to the `upload.php` endpoint, and then accessing it via a direct request to the file. Recommendations: For versions 1.0.2 and earlier, consider restricting access to the `upload.php` endpoint until a fix is available, and avoid allowing uploads of files with executable extensions.

Name of the Vulnerable Software and Affected Versions: YourPlace versions 1.0.2 and earlier Description: The issue allows remote attackers to bypass intended access restrictions by registering a new account with the username of a target user, due to the lack of checks for existing usernames during account creation. Recommendations: For versions 1.0.2 and earlier, update to a version that includes a fix for this issue, which should include checks to prevent registration of existing usernames.

Name of the Vulnerable Software and Affected Versions: YourPlace versions 1.0.2 and earlier Description: The issue allows remote attackers to obtain sensitive system information. This is achieved by making a direct request to the "user/uploads/phpinfo.php" endpoint, which calls the `phpinfo()` function, potentially exposing critical system details. Recommendations: For versions 1.0.2 and earlier, consider restricting access to the "user/uploads/phpinfo.php" endpoint to prevent unauthorized disclosure of system information. As a temporary workaround, removing or disabling the `phpinfo()` function call in this endpoint can help mitigate the risk until a more permanent fix is applied.

Name of the Vulnerable Software and Affected Versions: YourPlace versions 1.0.2 and earlier Description: The issue allows remote attackers to access a database containing user credentials via a direct request for `users.txt`, due to insufficient access control of sensitive information stored under the web root. Recommendations: For versions 1.0.2 and earlier, restrict access to the `users.txt` file to prevent unauthorized access to user credentials. Consider relocating sensitive information outside of the web root or implementing proper access controls to mitigate the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Flexcustomer version 0.0.6 Description: A static code injection issue exists, potentially allowing remote attackers to inject arbitrary PHP code into const.inc.php via the `installdbname` parameter, also known as the Database Name field. Recommendations: For Flexcustomer version 0.0.6, as a temporary workaround, consider restricting access to the admin/install.php file until the issue is resolved. To fully resolve the issue, follow the installation instructions and delete the admin/install.php file after installation.

Name of the Vulnerable Software and Affected Versions: Silentum LoginSys version 1.0.0 Description: The issue allows remote attackers to bypass authentication and gain access to an arbitrary account. This is achieved by setting the `logged in` cookie to the username of the target account. Recommendations: For Silentum LoginSys version 1.0.0, consider implementing proper authentication mechanisms to prevent unauthorized access, such as validating user sessions and cookies to ensure they cannot be tampered with or set arbitrarily. As a temporary workaround, restrict access to sensitive areas of the application until a proper fix is implemented.

Name of the Vulnerable Software and Affected Versions: RSMScript version 1.21 Description: The issue allows remote attackers to bypass authentication and gain administrative privileges. This is achieved by setting the `verified` cookie to an arbitrary value and making direct requests to specific API endpoints, including "delete.php", "edit-submit.php", "edit.php", "submit.php", and "update.php". This bypasses the security check performed by "verify.php". Recommendations: For RSMScript version 1.21, as a temporary workaround, consider restricting access to the API endpoints "delete.php", "edit-submit.php", "edit.php", "submit.php", and "update.php" until a patch is available. Additionally, avoid using arbitrary values for the `verified` cookie to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: FlexPHPLink Pro version 0.0.7 Description: The issue allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension to submitlink.php, and then accessing it via a direct request to the renamed file in linkphoto/. Recommendations: For FlexPHPLink Pro version 0.0.7, consider restricting access to the submitlink.php file to prevent unauthorized file uploads until a patch is available. As a temporary workaround, restrict access to the linkphoto/ directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Web File Explorer version 3.1 **Description** The issue allows remote attackers to create arbitrary files and execute arbitrary code. This is achieved by using the savefile action with a file parameter containing a filename that has an executable extension in the body.asp file. **Recommendations** For Web File Explorer version 3.1, consider restricting access to the body.asp file to prevent remote attackers from creating and executing arbitrary files. As a temporary workaround, restrict the savefile action to prevent the creation of files with executable extensions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Web File Explorer version 3.1 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `id` parameter in the "body.asp" file. **Recommendations** For Web File Explorer version 3.1, avoid using the `id` parameter in the body.asp file until a fix is available. Consider restricting access to the body.asp file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Bloginator version 1A **Description** A SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `id` parameter in the articleCall.php file. **Recommendations** For Bloginator version 1A, avoid using the `id` parameter in the articleCall.php file until a fix is available. As a temporary workaround, consider restricting access to the articleCall.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: ProQuiz version 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `username` parameter in the "index.php" file. Recommendations: For ProQuiz version 1.0, consider restricting access to the vulnerable index.php file until a patch is available. As a temporary workaround, avoid using the `username` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Butterfly Organizer version 2.0.1 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `mytable` parameter in the "view.php" file. Recommendations: For Butterfly Organizer version 2.0.1, avoid using the `mytable` parameter in the vulnerable "view.php" file until a fix is available. Consider restricting access to the "view.php" file to minimize the risk of exploitation.