Passtheticket

**Name of the Vulnerable Software and Affected Versions** Studio-42 eLfinder versions 2.1.62 and prior **Description** The issue is related to Remote Code Execution (RCE) due to the lack of restriction for uploading files with the .php8 extension. This allows users to upload malicious files, potentially leading to RCE. The estimated number of affected devices is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For Studio-42 eLfinder versions 2.1.62 and prior, update to the latest version to mitigate risks. As a temporary workaround, consider restricting the upload of files with the .php8 extension to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenLiteSpeed version 1.7.8 **Description** The issue allows attackers to gain root terminal access and execute commands on the host system. This is a result of a privilege escalation flaw in the OpenLiteSpeed web server. **Recommendations** For OpenLiteSpeed version 1.7.8, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cockpit version 234 **Description** A Server-Side Request Forgery (SSRF) issue was discovered. The vendor has stated that they do not think it is a big real-life issue. This issue is unrelated to the Agentejo Cockpit product. **Recommendations** For version 234, there is no information about a newer version that contains a fix for this issue.