Richard1266

Name of the Vulnerable Software and Affected Versions: Video software version 2.0.0 Description: A Cross Site Request Forgery (CSRF) issue exists, allowing a malicious user to delete a video message. This is related to the `video list.php` file. Recommendations: For version 2.0.0, consider implementing proper CSRF token validation to prevent unauthorized actions, such as deleting video messages, until a patch is available. As a temporary workaround, restrict access to the `video list.php` file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: bycms version 1.3.0 Description: A Cross Site Request Forgery (CSRF) issue exists, allowing an attacker to add an admin account via the "admin.php/ucenter/add.html" endpoint. Recommendations: For bycms version 1.3.0, as a temporary workaround, consider disabling access to the "admin.php/ucenter/add.html" endpoint until a patch is available.

Name of the Vulnerable Software and Affected Versions: DamiCMS version 6.0.6 Description: A Cross Site Request Forgery (CSRF) issue exists, allowing the addition of an admin account via the "admin.php?s=/Admin/doadd" endpoint. This can be exploited to gain unauthorized access. Recommendations: For DamiCMS version 6.0.6, consider disabling access to the "admin.php?s=/Admin/doadd" endpoint until a patch is available to prevent potential exploitation.

Name of the Vulnerable Software and Affected Versions: YUNUCMS version 1.1.9 Description: A Cross Site Scripting (XSS) issue exists via the `upurl` function in `Page.php`. This allows for potential malicious script execution. Recommendations: For YUNUCMS version 1.1.9, consider disabling the `upurl` function in `Page.php` until a patch is available to prevent exploitation.

Name of the Vulnerable Software and Affected Versions: YUNUCMS version 1.1.9 Description: A Cross Site Scripting (XSS) issue exists via the `param` parameter in the `insertContent` function in ContentModel.php. This allows for potential malicious script execution. Recommendations: For YUNUCMS version 1.1.9, consider disabling the `insertContent` function in ContentModel.php until a patch is available to prevent exploitation through the `param` parameter.

Name of the Vulnerable Software and Affected Versions: UKCMS version 1.1.10 Description: A Cross Site Scripting (XSS) issue exists in the index function in Single.php, allowing for potential exploitation via data input. This could lead to malicious script execution on the client-side. Recommendations: For UKCMS version 1.1.10, consider disabling the index function in Single.php as a temporary workaround until a patch is available. Restrict access to the Single.php file to minimize the risk of exploitation. Avoid using the index function in Single.php until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: DamiCMS version 6.0.6 Description: A Cross Site Scripting (XSS) issue exists via the `title` parameter in the `doadd` function in `LabelAction.class.php`. This allows for potential malicious script execution. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. Recommendations: For DamiCMS version 6.0.6, consider restricting access to the `doadd` function in `LabelAction.class.php` to minimize the risk of exploitation. Avoid using the `title` parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: bycms version 1.3 Description: A Cross Site Request Forgery (CSRF) issue was found in bycms. This could potentially allow unauthorized actions on the system. The issue is related to the "admin.php/systems/index/module id/70/group id/1.html" endpoint. Recommendations: For bycms version 1.3, update to a version that includes a fix for this issue, as no specific workaround is provided for this version.

Name of the Vulnerable Software and Affected Versions: bycms version 3.0.4 Description: A Cross Site Scripting (XSS) issue exists due to the lack of proper validation in the `title` parameter within the edit function in Document.php. Recommendations: For bycms version 3.0.4, ensure proper validation and sanitization of the `title` parameter in the edit function of Document.php to prevent XSS attacks.

Name of the Vulnerable Software and Affected Versions: PbootCMS version 1.3.7 Description: A Cross Site Scripting (XSS) issue exists due to the `title` parameter in the `mod` function in `SingleController.php`. Recommendations: For PbootCMS version 1.3.7, avoid using the `title` parameter in the `mod` function in `SingleController.php` until a fix is available. Consider restricting access to the `mod` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** AikCms version 2.0.0 **Description** The issue is related to a Cross Site Request Forgery (CSRF) vulnerability in the video list.php file. This can allow a malicious user to delete movie information. The vulnerability can be exploited by a remote attacker. **Recommendations** For AikCms version 2.0.0, consider disabling access to the video list.php file until a patch is available to prevent exploitation of the CSRF vulnerability. Restricting the functionality related to deleting movie information can also help minimize the risk.

**Name of the Vulnerable Software and Affected Versions** AikCms version 2.0.0 **Description** The issue is related to a lack of restrictions on file uploads in the poster edit.php file of the AikCms content management system. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is due to the background file management office not verifying the uploaded files. **Recommendations** For AikCms version 2.0.0, consider restricting access to the poster edit.php file until a patch is available, and ensure that all file uploads are properly verified to minimize the risk of exploitation.