Th3Lawbreaker

#15582of 53,633
17.3Total CVSS
Vulnerabilities · 3
Medium
2
High
1
PT-2021-16930
5.3
2021-07-07
Joomla · Joomla! · CVE-2021-26037
**Name of the Vulnerable Software and Affected Versions** Joomla! versions 2.5.0 through 3.9.27 **Description** An issue was discovered in the CMS functions where existing user sessions were not properly terminated when a user's password was changed or the user was blocked. **Recommendations** For Joomla! versions 2.5.0 through 3.9.27, update to a version that properly handles user session termination upon password change or user blockage. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2020-13814
7.2
2020-06-09
Monstra · Monstra Cms · CVE-2020-13978
**Name of the Vulnerable Software and Affected Versions** Monstra CMS version 3.0.4 **Description** The issue allows an attacker with administrative access to execute arbitrary OS commands via the Theme Module by visiting the "admin/index.php?id=themes&action=edit chunk" URI. This is achieved by modifying .chunk.php files on the Edit Chunk screen. It is noted that there is no indication the Edit Chunk feature was intended to prevent an administrator from using PHP's exec feature. **Recommendations** For Monstra CMS version 3.0.4, as a temporary workaround, consider restricting access to the Theme Module and the Edit Chunk feature to minimize the risk of exploitation. Avoid using the exec feature in .chunk.php files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2020-13815
4.8
2020-06-09
Opencart · Opencart · CVE-2020-13980
**Name of the Vulnerable Software and Affected Versions** OpenCart version 3.0.3.3 **Description** The issue allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. This problem exists due to an incomplete fix for a previous issue. The vendor notes that this is not a significant issue since it requires being logged into the admin section. **Recommendations** For OpenCart version 3.0.3.3, consider temporarily restricting access to the image upload section for users until a proper fix is applied to prevent XSS attacks. As a mitigation measure, ensure that all filenames are properly sanitized and entity encoded to prevent malicious input.