Phan Trong Quan - Vnpt Cyber Immunity

Name of the Vulnerable Software and Affected Versions: Target Video Easy Publish versions through 3.8.8 Description: A missing authorization issue exists in Sovica Target Video Easy Publish. The vulnerability is related to a privilege escalation within the WordPress Shortcode `do shortcode` function. Recommendations: Update Target Video Easy Publish to a version later than 3.8.8.

**Name of the Vulnerable Software and Affected Versions** CHATLIVE versions n/a through 2.0.1 **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For versions n/a through 2.0.1, consider restricting access to sensitive database operations to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using user-input data directly in SQL commands until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MelaPress Login Security versions n/a through 2.1.0 **Description** The issue is related to Deserialization of Untrusted Data, which allows Object Injection in MelaPress Login Security. **Recommendations** For versions n/a through 2.1.0, update to a version later than 2.1.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Kadence WooCommerce Email Designer versions 1.5.14 and earlier **Description** The issue allows for the unrestricted upload of files with dangerous types, potentially enabling the upload of a web shell to a web server. **Recommendations** For versions 1.5.14 and earlier, update to a version later than 1.5.14 to resolve the issue. As a temporary workaround, consider restricting file uploads to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** Fetch Designs Sign-up Sheets versions prior to 2.3.0.1 **Description** The issue is related to improper control of code generation, allowing code injection. This problem enables the injection of code, potentially leading to unauthorized access or data manipulation. **Recommendations** For versions prior to 2.3.0.1, update to version 2.3.0.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Bravo Search & Replace versions n/a through 1.0 **Description** The issue is related to an SQL Injection vulnerability, specifically Improper Neutralization of Special Elements used in an SQL Command, which allows Blind SQL Injection. **Recommendations** For versions n/a through 1.0, update to a version that fixes this issue, as the current version is affected by the SQL Injection vulnerability.

**Name of the Vulnerable Software and Affected Versions** ADFO versions 1.9.1 and earlier **Description** The issue is related to the Deserialization of Untrusted Data, which allows Object Injection. **Recommendations** For ADFO versions 1.9.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NHR Options Table Manager versions 1.1.2 and earlier **Description** The issue is related to the deserialization of untrusted data, allowing object injection in the NHR Options Table Manager. **Recommendations** For versions 1.1.2 and earlier, update to a version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.