Tsai

**Name of the Vulnerable Software and Affected Versions** Webopac from Grand Vice info (affected versions not specified) **Description** The issue is a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Webopac from Grand Vice info (affected versions not specified) **Description** The issue concerns a problem with file type validation in Webopac from Grand Vice info, allowing remote attackers with regular privileges to upload and execute webshells. This could lead to arbitrary code execution on the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Grand Vice Info Webopac versions up to 6.5.0/7.2.2 **Description** The issue is related to the lack of proper file type validation in the Webopac component, allowing unauthenticated remote attackers to upload and execute webshells. This could lead to arbitrary code execution on the server, potentially resulting in server compromise. **Recommendations** For versions up to 6.5.0/7.2.2, upgrade the affected components immediately to mitigate exposure. As a temporary workaround, consider restricting access to the Webopac component until a patch is available. Avoid using the Webopac component for uploading files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Webopac from Grand Vice info (affected versions not specified) **Description** The issue is a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Webopac from Grand Vice info (affected versions not specified) **Description** The Webopac system has a SQL Injection flaw, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Webopac from Grand Vice info (affected versions not specified) **Description** The issue is a Stored Cross-site Scripting vulnerability, allowing remote attackers with regular privileges to inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bludit CMS version 3.15 **Description** A Cross Site Scripting (XSS) issue allows remote attackers to execute arbitrary code and obtain sensitive information via the "edit-content.php" endpoint. The estimated number of potentially affected devices worldwide is not specified. Details about real-world incidents where this issue was exploited are not provided. **Recommendations** For Bludit CMS version 3.15, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the "edit-content.php" endpoint until a patch is available. Avoid using this endpoint in a way that could allow arbitrary code execution until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: REDAXO version 5.15.1 Description: An issue in REDAXO allows attackers to execute arbitrary code and obtain sensitive information via `modules.modules.php`. The vulnerability is related to incorrect code generation management in the `addons/structure/plugins/content/pages/modules.modules.php` component. This can be exploited by a remote attacker to execute arbitrary code. Recommendations: For REDAXO version 5.15.1, consider disabling access to the `modules.modules.php` file until a patch is available. Restrict the use of the `addons/structure/plugins/content/pages/modules.modules.php` component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.