Pyriphlegethon

**Name of the Vulnerable Software and Affected Versions** FruityWifi versions through 2.4 **Description** The issue allows remote attackers to execute arbitrary code with root privileges via a crafted `mod name` parameter in a POST request to the "/www/modules/save.php" API endpoint. This can be exploited without a valid session. **Recommendations** For FruityWifi versions through 2.4, as a temporary workaround, consider restricting access to the "/www/modules/save.php" API endpoint until a patch is available. Avoid using the `mod name` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Naviwebs Navigate CMS version 2.8 **Description** The issue allows remote attackers to bypass authentication. This is achieved via the `navigate-user` cookie in the `login.php` file. **Recommendations** For Naviwebs Navigate CMS version 2.8, update the `login.php` file to properly validate and sanitize the `navigate-user` cookie to prevent SQL injection attacks. As a temporary workaround, consider restricting access to the `login.php` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Naviwebs Navigate CMS version 2.8 **Description** The issue concerns an "Unrestricted Upload of File with Dangerous Type" with directory traversal in navigate upload.php, allowing authenticated attackers to achieve remote code execution. This is done via a POST request with `engine` set to 'picnik' and `id` set to '../../../navigate info.php', which enables directory traversal. **Recommendations** For Naviwebs Navigate CMS version 2.8, consider restricting access to the navigate upload.php file to prevent unauthorized uploads and directory traversal attacks. As a temporary workaround, restrict the `engine` parameter to prevent it from being set to 'picnik' and limit the `id` parameter to prevent directory traversal.