S.W.A.T

Name of the Vulnerable Software and Affected Versions: AvailScript Article Script (affected versions not specified) Description: The issue concerns an unrestricted file upload vulnerability in the "Add Pen/Author Name" feature, located in the addpen.php file. This vulnerability allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and then accessing it directly via a request to the file in the photos/ directory. Recommendations: For AvailScript Article Script, restrict access to the "Add Pen/Author Name" feature in addpen.php to prevent unauthorized file uploads. As a temporary workaround, consider disabling the execution of files in the photos/ directory until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ReVou Micro Blogging TClone plugin (affected versions not specified) Description: The issue concerns an unrestricted file upload vulnerability. This allows remote attackers to execute arbitrary code by uploading a file with an executable extension and then accessing it directly. The vulnerability is specifically in the index.php file of the TClone plugin. Recommendations: For the TClone plugin, consider disabling the file upload functionality in index.php until a patch is available to prevent remote attackers from executing arbitrary code. Restrict access to the settings/my photo directory to minimize the risk of exploitation. Avoid using the file upload feature in the TClone plugin until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FlexPHPic versions 0.0.4 and earlier FlexPHPic Pro versions 0.0.3 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `checkuser` parameter (also known as the `username` field) or the `checkpass` parameter (also known as the `password` field) in the "admin/usercheck.php" file, which is accessible through the "admin/index.php" endpoint. **Recommendations** For FlexPHPic versions 0.0.4 and earlier, consider disabling the `checkuser` and `checkpass` parameters in the "admin/usercheck.php" file until a patch is available. For FlexPHPic Pro versions 0.0.3 and earlier, restrict access to the "admin/index.php" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Pilot Group (PG) eTraining (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the news read.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** YourFreeWorld Banner Management Script (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter in the tr.php file. This can lead to unauthorized access and manipulation of database content. **Recommendations** For YourFreeWorld Banner Management Script, consider restricting access to the tr.php file until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Maian Weblog versions 4.0 and earlier Description: The issue allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary `weblog cookie` cookie. Recommendations: For Maian Weblog versions 4.0 and earlier, update to a version later than 4.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Maian Recipe versions 1.2 and earlier **Description** The issue allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary `recipe cookie` cookie. **Recommendations** For Maian Recipe versions 1.2 and earlier, as a temporary workaround, consider restricting access to the admin/index.php page until a patch is available. Avoid using the `recipe cookie` cookie in the affected admin/index.php page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Maian Uploader versions 4.0 and earlier **Description** The issue allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary `uploader cookie` cookie to the "admin/index.php" endpoint. **Recommendations** For Maian Uploader versions 4.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Maian Guestbook versions 3.2 and earlier **Description** The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by sending an arbitrary `gbook cookie` cookie to the "admin/index.php" endpoint. **Recommendations** For Maian Guestbook versions 3.2 and earlier, update to a version later than 3.2 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Maian Search versions 1.1 and earlier Description: The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by sending an arbitrary `search cookie` cookie to the "admin/index.php" endpoint. Recommendations: For Maian Search versions 1.1 and earlier, update to a version later than 1.1 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: jSite version 1.0 OE Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `page` parameter to the default URI. Recommendations: For jSite version 1.0 OE, consider restricting access to the default URI or validating and sanitizing the `page` parameter to prevent SQL injection attacks. As a temporary workaround, avoid using the `page` parameter in the default URI until a patch is available.

Name of the Vulnerable Software and Affected Versions: jSite version 1.0 OE Description: A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `module` parameter of the index.php file. Recommendations: For jSite version 1.0 OE, consider restricting access to the `module` parameter in the index.php file to prevent exploitation. As a temporary workaround, restrict the ability to include local files using the .. (dot dot) sequence in the `module` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** phpMyClub version 0.0.1 **Description** The issue allows remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `page courante` parameter to the top-level URI, which enables directory traversal. **Recommendations** For phpMyClub version 0.0.1, as a temporary workaround, consider restricting access to the `page courante` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NetRisk versions 1.9.7 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `page` parameter in the `index.php` file. This can also be used for local file inclusion using directory traversal sequences. **Recommendations** For NetRisk versions 1.9.7 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Content Injector version 1.53 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `id` parameter in an "expand" action. **Recommendations** For Content Injector version 1.53, avoid using the `id` parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the `index.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Content Injector version 1.52 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `cat` parameter in the "index.php" endpoint. **Recommendations** For Content Injector version 1.52, avoid using the `cat` parameter in the "index.php" endpoint until a fix is available. Consider restricting access to the "news.php" file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** DevMass Shopping Cart versions 1.0 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `kfm base path` parameter in the admin/kfm/initialise.php file. **Recommendations** For DevMass Shopping Cart versions 1.0 and earlier, as a temporary workaround, consider restricting access to the admin/kfm/initialise.php file until a patch is available. Avoid using the `kfm base path` parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BackUpWordPress plugin for WordPress version 0.4.2b and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `bkpwp plugin path` parameter to various scripts, including "plugins/BackUp/Archive.php", "Predicate.php", "Writer.php", "Reader.php", and other unspecified scripts under "plugins/BackUp/Archive/". **Recommendations** For BackUpWordPress plugin for WordPress version 0.4.2b and earlier, update to a version later than 0.4.2b to resolve the issue. As a temporary workaround, consider restricting access to the `bkpwp plugin path` parameter in the affected API endpoints until a patch is available. Avoid using the `bkpwp plugin path` parameter in the affected scripts under plugins/BackUp/Archive/ until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** awzMB versions 4.2 beta 1 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `Setting[OPT includepath]` parameter to various PHP files, including "adminhelp.php", "admin.incl.php", "reg.incl.php", "help.incl.php", "gbook.incl.php", and "core/core.incl.php" in the "modules/" directory. **Recommendations** For awzMB versions 4.2 beta 1 and earlier, as a temporary workaround, consider restricting access to the vulnerable PHP files until a patch is available. Avoid using the `Setting[OPT includepath]` parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LimeSurvey versions 1.5.2 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `rootdir` parameter in the `classes/core/language.php` file. **Recommendations** For LimeSurvey versions 1.5.2 and earlier, consider restricting access to the `language.php` file until a patch is available. As a temporary workaround, avoid using the `rootdir` parameter in the affected URL to minimize the risk of exploitation.