Spacehen

**Name of the Vulnerable Software and Affected Versions** TheCartPress version 1.5.3.6 **Description** An unauthenticated privilege escalation allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler. Attackers can send POST requests to the 'tcp register and login ajax' action with the `tcp role` variable set to administrator to gain full administrative access without authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MStore API version 2.0.6 **Description** An arbitrary file upload flaw allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API. Specifically, attackers can upload PHP files with arbitrary names to the 'config file' endpoint to achieve remote code execution on the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Download From Files versions prior to 1.49 **Description** An arbitrary file upload flaw allows unauthenticated attackers to upload malicious files by exploiting the AJAX fileupload action. Attackers can send POST requests to the 'admin-ajax.php' endpoint using the `download from files 617 fileupload` action. By manipulating the `allowExt` parameter, they can bypass file type restrictions to upload executable files, such as PHP shells, to the web root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 3DPrint Lite WordPress plugin versions prior to 1.9.1.5 **Description** The issue allows unauthenticated users to upload arbitrary files to the web server due to the lack of authorization and file checking in the `p3dlite handle upload` AJAX action. However, a .htaccess file prevents the uploaded files from being accessed on web servers like Apache. This vulnerability has been exploited by hackers to deploy the Godzilla Web Shell. **Recommendations** For versions prior to 1.9.1.5, update to version 1.9.1.5 or later to resolve the issue. As a temporary workaround, consider disabling the `p3dlite handle upload` AJAX action until a patch is available. Restrict access to the vulnerable `p3dlite handle upload` AJAX action to minimize the risk of exploitation.