Testeurdestylos

**Name of the Vulnerable Software and Affected Versions** Mobatime mobile application AMXGT100 versions 1.3.20 and earlier **Description** The issue allows an anonymous user to obtain a list of existing users managed by the application, which could facilitate further attacks. It is related to an improper authentication vulnerability that enables authentication bypass. **Recommendations** For Mobatime mobile application AMXGT100 versions 1.3.20 and earlier, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mobatime mobile application AMXGT100 versions 1.3.20 and earlier **Description** The issue is related to an Improper Authentication vulnerability that allows Authentication Bypass in the Mobatime mobile application. **Recommendations** For Mobatime mobile application AMXGT100 versions 1.3.20 and earlier, update to a version that fixes the Improper Authentication vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mobatime mobile application AMXGT100 versions 1.3.20 and earlier **Description** The issue allows a low-privileged user to impersonate anyone else, including administrators, due to an Incorrect Authorization vulnerability in the Mobatime mobile application AMXGT100. **Recommendations** For versions 1.3.20 and earlier, update to a version later than 1.3.20 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** King-Avis versions prior to 17.3.15 **Description** The issue is related to Improper Limitation of a Pathname, leading to a Path Traversal vulnerability in the King-Avis module for Prestashop. This allows a user with knowledge of the download token to read arbitrary local files. **Recommendations** For versions prior to 17.3.15, update to version 17.3.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the download token to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mobatime web application versions through 06.7.22 **Description** The issue allows a malicious user to upload a web shell to a web server due to an unrestricted upload of file with dangerous type vulnerability in the documentary proof upload modules. **Recommendations** For versions through 06.7.22, as a temporary workaround, consider disabling the documentary proof upload modules until a patch is available. Restrict access to the upload functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mobatime web application versions through 06.7.22 **Description** The issue is related to an Incorrect Authorization vulnerability in the Mobatime web application, allowing Privilege Escalation due to Exploiting Incorrectly Configured Access Control Security Levels. **Recommendations** For versions through 06.7.22, consider restricting access to sensitive areas of the web application to minimize the risk of exploitation until a patch is available. As a temporary workaround, review and correct the configuration of Access Control Security Levels to prevent privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.