Osvaldotenorio

**Name of the Vulnerable Software and Affected Versions** Portabilis i-Educar version 2.8.0 **Description** The issue concerns a SQL Injection vulnerability in the `getDocuments` function of the `InstituicaoDocumentacaoController` class. Specifically, the `instituicao id` parameter in the "/module/Api/InstituicaoDocumentacao?oper=get&resource=getDocuments&instituicao id" endpoint is not properly sanitized, allowing an unauthenticated remote attacker to inject malicious SQL commands. This could potentially lead to data compromise. **Recommendations** For Portabilis i-Educar version 2.8.0, as a temporary workaround, consider validating the `instituicao id` parameter to prevent SQL injection attacks. Restrict access to the `/module/Api/InstituicaoDocumentacao?oper=get&resource=getDocuments&instituicao id` endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HSC Mailinspector version 5.2.17-3 **Description** A Path Traversal issue exists in the mliRealtimeEmails.php file, allowing an attacker to read and delete arbitrary files on the server due to improper validation of the file location by the `filename` parameter in the export HTML functionality. This can result in disruption of email information loading, as observed when the mliRealtimeEmails.php file itself was read and subsequently deleted, leading to a 404 error. **Recommendations** For HSC Mailinspector version 5.2.17-3, consider disabling the export HTML functionality in the mliRealtimeEmails.php file until a patch is available to prevent exploitation of the Path Traversal vulnerability. Restrict access to the mliRealtimeEmails.php file to minimize the risk of arbitrary file deletion. Avoid using the `filename` parameter in the export HTML functionality until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** HSC Mailinspector versions 5.2.17-3 through 5.2.18 **Description** An Unauthenticated Path Traversal vulnerability exists in the `/public/loader.php` file. The `path` parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server. **Recommendations** For HSC Mailinspector versions 5.2.17-3 through 5.2.18, as a temporary workaround, consider restricting access to the `/public/loader.php` file until a patch is available. Avoid using the `path` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HSC Mailinspector versions 5.2.17-3 through 5.2.18 **Description** An authenticated blind SQL injection issue exists in the mliRealtimeEmails.php file. The `ordemGrid` parameter in a POST request to "/mailinspector/mliRealtimeEmails.php" does not properly sanitize input, allowing an authenticated attacker to execute arbitrary SQL commands. This could lead to the potential disclosure of the entire application database. **Recommendations** For HSC Mailinspector versions 5.2.17-3 through 5.2.18, consider disabling access to the mliRealtimeEmails.php file or restricting the use of the `ordemGrid` parameter in the affected API endpoint until a patch is available. Avoid using the `ordemGrid` parameter in the POST request to "/mailinspector/mliRealtimeEmails.php" until the issue is resolved.