Unknown · Changedetection.Io · CVE-2026-29065
**Name of the Vulnerable Software and Affected Versions**
changedetection.io versions prior to 0.54.4
**Description**
A Zip Slip vulnerability exists in the backup restore functionality, allowing arbitrary file overwrite via path traversal in uploaded ZIP archives. The application calls `zipfile.extractall()` without validating entry paths, so an attacker can escape the extraction directory using `../` sequences. A malicious ZIP archive can contain entries crafted to overwrite sensitive files, such as the Flask secret key (`/secret.txt`), the application settings (`changedetection.json`), and watch configurations (`url-watches.json`, or `watch.json` inside a UUID directory). The vulnerability is triggered by uploading a specially crafted ZIP archive to the backup restore functionality at the `/backups/restore` endpoint; the vulnerable code is the `restore_backup()` function (lines 50-53). Attackers can upload ZIP files containing malicious content, which is then written to these sensitive locations on the system.
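The mitigation for this class of bug is to validate every entry name against the destination directory before extracting anything. The following is an added example (not changedetection.io's code) of such a pre-extraction check in Python's `zipfile`; the archive contents, the destination directory and the function names are constructed for illustration.

```python
import io
import os
import tempfile
import zipfile

def build_sample_zip(entries: dict) -> bytes:
    """Build an in-memory archive from {entry_name: content} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def find_unsafe_entries(zip_bytes: bytes, dest: str) -> list:
    """Return archive entry names that would resolve outside dest (checked before any write)."""
    dest_real = os.path.realpath(dest)
    unsafe = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            target = os.path.realpath(os.path.join(dest_real, name))
            # Absolute names and '..' components both fail the containment check.
            if os.path.isabs(name) or os.path.commonpath([dest_real, target]) != dest_real:
                unsafe.append(name)
    return unsafe

def safe_extractall(zip_bytes: bytes, dest: str) -> list:
    """Extract only if every entry passes; a hostile archive writes nothing at all."""
    bad = find_unsafe_entries(zip_bytes, dest)
    if bad:
        raise ValueError(f"refusing to restore backup, entries escape {dest!r}: {bad}")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        zf.extractall(dest)
        return sorted(i.filename for i in zf.infolist())

def demo() -> dict:
    """Restore a benign backup, then show a traversal archive being rejected intact."""
    benign = build_sample_zip({"changedetection.json": "{}", "url-watches.json": "{}"})
    hostile = build_sample_zip({"changedetection.json": "{}", "../secret.txt": "x"})
    with tempfile.TemporaryDirectory() as dest:
        extracted = safe_extractall(benign, dest)
        try:
            safe_extractall(hostile, dest)
            rejected = False
        except ValueError:
            rejected = True
        untouched = sorted(os.listdir(dest)) == extracted  # hostile archive wrote nothing
    return {"extracted": extracted, "rejected": rejected, "untouched": untouched}
```

The check runs over the stored entry names before the first write, so the decision does not depend on whatever sanitising the extractor itself applies.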
**Recommendations**
Versions prior to 0.54.4 should be updated to version 0.54.4 or later.