Pandujar

**Name of the Vulnerable Software and Affected Versions** KBPublisher version 6.0.2.1 **Description** The issue concerns SQL Injection, which can be exploited through specific parameters in the application. The vulnerable parameters include `entry id[0]` in the "admin/index.php?module=report" endpoint, `id` in the "admin/index.php?module=log" endpoint, and `id[]` in the "index.php?View=print" endpoint. **Recommendations** For KBPublisher version 6.0.2.1, as a temporary workaround, consider restricting access to the `admin/index.php?module=report`, `admin/index.php?module=log`, and `index.php?View=print` endpoints until a patch is available. Avoid using the `entry id[0]`, `id`, and `id[]` parameters in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Televes COAXDATA GATEWAY 1Gbps devices version doc-wifi-hgw v1.02.0014 4.20 **Description** The issue concerns the lack of password.shtml authorization checks, allowing for arbitrary password changes. **Recommendations** For version doc-wifi-hgw v1.02.0014 4.20, consider restricting access to the password change functionality until a fix is available. As a temporary workaround, avoid using the password change feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Televes COAXDATA GATEWAY 1Gbps version doc-wifi-hgw v1.02.0014 4.20 **Description** The issue is related to the backup/restore feature, which lacks access control. This is connected to the `ReadFile.cgi` and `LoadCfgFile` functions. **Recommendations** For Televes COAXDATA GATEWAY 1Gbps version doc-wifi-hgw v1.02.0014 4.20, as a temporary workaround, consider restricting access to the `ReadFile.cgi` and `LoadCfgFile` functions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Televes COAXDATA GATEWAY 1Gbps version doc-wifi-hgw v1.02.0014 4.20 **Description** The issue concerns cleartext credentials stored in the `/mib.db` file. **Recommendations** For version doc-wifi-hgw v1.02.0014 4.20, consider restricting access to the `/mib.db` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.