P0Desta

**Name of the Vulnerable Software and Affected Versions** PopojiCMS version 2.0.1 **Description** An issue was discovered in the software, where the admin component.php is exploitable via the "po-admin/route.php?mod=component&act=addnew" URI by using the `fupload` parameter to upload a ZIP file containing arbitrary PHP code. This code can be extracted and executed. The issue can also be exploited via CSRF, allowing for potential unauthorized access and code execution. **Recommendations** For PopojiCMS version 2.0.1, consider disabling the `fupload` parameter in the admin component.php to prevent uploading of malicious ZIP files until a patch is available. Restrict access to the "po-admin/route.php?mod=component&act=addnew" URI to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PopojiCMS version 2.0.1 **Description** The issue concerns a CSRF problem. It can be exploited via the "po-admin/route.php?mod=component&act=addnew" URI, allowing actions such as adding a level=1 account. **Recommendations** For PopojiCMS version 2.0.1, as a temporary workaround, consider restricting access to the "po-admin/route.php?mod=component&act=addnew" URI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PopojiCMS version 2.0.1 **Description** An issue in admin library.php allows remote attackers to delete arbitrary files via directory traversal in the "po-admin/route.php?mod=library&act=delete" endpoint, specifically using the `id` parameter. **Recommendations** For PopojiCMS version 2.0.1, consider restricting access to the `po-admin/route.php?mod=library&act=delete` endpoint to minimize the risk of exploitation, and avoid using the `id` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPSHE version 1.7 **Description** An issue was discovered that allows remote attackers to delete arbitrary files via directory traversal sequences in the `dbname` parameter in the "admin.php?mod=db&act=del" API endpoint. This can be leveraged to reload the product by deleting install.lock. **Recommendations** For PHPSHE version 1.7, as a temporary workaround, consider restricting access to the "admin.php?mod=db&act=del" API endpoint to minimize the risk of exploitation. Avoid using the `dbname` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPSHE version 1.7 **Description** An issue exists in the software, allowing SQL injection via the "admin.php?mod=user&act=del" API endpoint, specifically through the `user id[]` parameter. **Recommendations** For PHPSHE version 1.7, avoid using the `user id[]` parameter in the "admin.php?mod=user&act=del" API endpoint until the issue is resolved.