P. Morimoto

Name of the Vulnerable Software and Affected Versions: Yeager CMS version 1.2.1 Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `passwordreset&token` parameter. Recommendations: For Yeager CMS version 1.2.1, avoid using the `passwordreset&token` parameter until the issue is resolved. As a temporary workaround, consider restricting access to the password reset functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Aruba Airwave versions up to, but not including, 8.2.3.1 **Description** The issue allows an unprivileged user to control the contents of XML files, which can be used as an attack vector. This is due to the XML parser's ability to access storage on external systems through XML external entities (XXE). As the XML parser runs with the permissions of the web server and has access to the local filesystem, it can access any file readable by the web server and copy it to an external system chosen by the attacker. This could include files containing passwords, potentially leading to privilege escalation. **Recommendations** For Aruba Airwave versions up to, but not including, 8.2.3.1, update to version 8.2.3.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Aruba Airwave versions up to, but not including, 8.2.3.1 **Description** The issue is related to a reflected cross-site scripting (XSS) vulnerability present in the VisualRF component. This vulnerability can be exploited by an attacker who tricks a logged-in administrative user into clicking a malicious link, potentially allowing the attacker to obtain sensitive information such as session cookies or passwords. The exploitation requires the administrative user to click on the link while logged into Airwave in the same browser. **Recommendations** For versions up to, but not including, 8.2.3.1, update to version 8.2.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the VisualRF component to minimize the risk of exploitation. Avoid clicking on suspicious links while logged into Airwave to prevent potential attacks.

**Name of the Vulnerable Software and Affected Versions** Zeta Producer Desktop CMS versions prior to 14.2.1 **Description** The issue allows for unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP files. This is possible because the formmailer widget blocks .php files but not .php5 or .phtml files, which can be exploited. The vulnerability is related to the `/assets/php/formmailer/SendEmail.php` and `/assets/php/formmailer/functions.php` files. **Recommendations** For versions prior to 14.2.1, update to version 14.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `/assets/php/formmailer/` directory or disabling the formmailer widget until a patch is applied. Avoid using the formmailer widget to handle file uploads until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Yeager CMS version 1.2.1 **Description** The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension, due to an unrestricted file upload vulnerability. **Recommendations** For Yeager CMS version 1.2.1, update to a newer version that contains a fix for this issue, or as a temporary workaround, consider restricting file uploads to only allow non-executable file extensions.

**Name of the Vulnerable Software and Affected Versions** Yeager CMS version 1.2.1 **Description** The issue concerns a SQL injection vulnerability in the password recovery feature. This vulnerability allows remote attackers to change the account credentials of known users via the `userEmail` parameter. **Recommendations** For Yeager CMS version 1.2.1, consider disabling the password recovery feature until a patch is available to prevent exploitation. Restrict access to the password recovery module to minimize the risk of exploitation. Avoid using the `userEmail` parameter in the affected feature until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Yeager CMS version 1.2.1 **Description** The issue allows remote attackers to trigger outbound requests and enumerate open ports. This is achieved via the `dbhost` parameter to specific API endpoints, including 'libs/org/adodb lite/tests/test adodb lite.php', 'libs/org/adodb lite/tests/test datadictionary.php', or 'libs/org/adodb lite/tests/test adodb lite sessions.php'. **Recommendations** For Yeager CMS version 1.2.1, as a temporary workaround, consider restricting access to the `dbhost` parameter in the affected API endpoints until a patch is available. Avoid using the `dbhost` parameter in the specified endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Yeager CMS version 1.2.1 **Description** The issue allows local users to execute arbitrary SQL commands. This is achieved via the `pagedir orderby` parameter in the "yeager/y.php/tab USERLIST" endpoint. **Recommendations** For Yeager CMS version 1.2.1, avoid using the `pagedir orderby` parameter in the "yeager/y.php/tab USERLIST" endpoint until the issue is resolved.