Pang0Lin

**Name of the Vulnerable Software and Affected Versions** Exponent-CMS versions 2.6.0 through 2.6.0 **Description** The issue allows attackers to gain access to sensitive information via the `selectValue` function in the `expConfig` class. This is a SQL Injection vulnerability. **Recommendations** For Exponent-CMS version 2.6.0, update to version 2.7.0 to resolve the issue. As a temporary workaround, consider disabling the `selectValue` function in the `expConfig` class until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SP Project & Document Manager WordPress plugin versions prior to 4.24 **Description** The issue allows any authenticated users to upload files, despite the plugin's attempt to prevent PHP and other executable files from being uploaded by checking the file extension. On Windows servers, the security checks are insufficient, enabling potential uploads of backdoors on vulnerable sites. **Recommendations** For versions prior to 4.24, update to version 4.24 or later to resolve the issue. As a temporary workaround, consider restricting file uploads for authenticated users, such as subscribers, until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Cookie Bar WordPress plugin versions prior to 1.8.9 **Description** The issue is related to the improper sanitization of the Cookie Bar Message setting, which could allow high-privilege users to perform Cross-Site Scripting attacks. This is possible even when the unfiltered html capability is disallowed. **Recommendations** For versions prior to 1.8.9, update to version 1.8.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the Cookie Bar Message setting to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Side Menu Lite WordPress plugin versions prior to 2.2.6 **Description** The issue arises from the plugin's failure to sanitise user input from the List page in the admin dashboard before using it in SQL statements, leading to a SQL Injection issue. **Recommendations** For versions prior to 2.2.6, update to version 2.2.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin dashboard's List page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Stock in & out WordPress plugin versions 1.0.4 and earlier **Description** The issue is related to a lack of proper sanitization before passing variables to an SQL request, making it susceptible to SQL Injection attacks. Users with a role of contributor or higher can exploit this vulnerability. **Recommendations** For versions 1.0.4 and earlier, update to a version that properly sanitizes variables before passing them to SQL requests to prevent SQL Injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Side Menu Lite – add sticky fixed buttons WordPress plugin versions prior to 2.2.1 **Description** The issue concerns the improper sanitization of input values from the browser when building an SQL statement, potentially allowing an SQL Injection attack. Users with the administrator role or permission to manage this plugin could exploit this. **Recommendations** For versions prior to 2.2.1, update to version 2.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's management interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Exponent CMS version 2.4.0 patch1 **Description** The issue arises from untrusted input being passed into the `getSearchResults` method in the `/framework/modules/notfound/controllers/notfoundController.php` file. This method, defined in the search model, uses the parameter `$term` directly in SQL, leading to a SQL injection issue. **Recommendations** For Exponent CMS version 2.4.0 patch1, consider modifying the `getSearchResults` method to properly sanitize or parameterize the `$term` variable to prevent direct SQL injection. As a temporary workaround, restrict access to the `notfoundController.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Exponent CMS version 2.4.0 **Description** The issue allows remote attackers to read user information. This is achieved through the getUsersByJSON endpoint, specifically by appending a string to the "users/getUsersByJSON/sort/" endpoint. **Recommendations** For Exponent CMS version 2.4.0, consider restricting access to the getUsersByJSON endpoint in the usersController.php file as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Exponent CMS version 2.4.0patch1 **Description** The issue allows remote attackers to read address information due to improper access restriction to user records. This can be demonstrated by accessing the "address/show/id/1" URI. **Recommendations** For Exponent CMS version 2.4.0patch1, consider restricting access to the address information by properly securing the usersController.php file in the framework/modules/users/controllers directory to prevent unauthorized reading of user records. As a temporary workaround, consider disabling the address/show/id API endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Exponent CMS version 2.4.0 **Description** The issue allows remote attackers to read user information by modifying the `id` number. This is related to an issue with "addresses, countries, and regions". An example of exploitation is via the endpoint "address/edit/id/1". **Recommendations** For Exponent CMS version 2.4.0, consider restricting access to the `address/edit/id/` endpoint until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Exponent CMS version 2.4.0 **Description** The issue allows remote attackers to read database information. This is achieved by exploiting the search string parameter in the "action=search&module=search" API endpoint. **Recommendations** For Exponent CMS version 2.4.0, consider restricting access to the searchController.php module to minimize the risk of exploitation. Avoid using the `search string` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.