U0Pattern

Name of the Vulnerable Software and Affected Versions: bloofoxCMS version 0.5.2.1 Description: The issue allows an attacker to edit any file content, both locally and remotely, due to a CSRF attack. Recommendations: For bloofoxCMS version 0.5.2.1, update to a newer version that contains a fix for this issue, as using an outdated version poses a significant risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: bloofoxCMS version 0.5.2.1 Description: The issue allows attackers to upload malicious files, such as php files, due to an Unrestricted File Upload. Recommendations: For bloofoxCMS version 0.5.2.1, consider restricting file uploads to only necessary and validated file types to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: bloofoxCMS version 0.5.2.1 Description: The issue allows remote attackers to execute arbitrary JS/HTML code, which can lead to the execution of malicious scripts on the victim's browser. This is due to a Cross-Site Scripting (XSS) issue. Recommendations: For bloofoxCMS version 0.5.2.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: bloofoxCMS version 0.5.2.1 Description: The issue allows attackers to read local files due to Path traversal in the `fileurl` parameter. Recommendations: For bloofoxCMS version 0.5.2.1, avoid using the `fileurl` parameter until the issue is resolved. Consider restricting access to the affected parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Jact OpenClinic version 0.8.20160412 **Description** The issue is related to errors in authorization in the shared/view source.php component of the OpenClinic software for managing medical records. An attacker, acting remotely, can exploit this issue to potentially execute arbitrary code after logging into the admin account. This is achieved by using an infected `file` GET parameter in the "/shared/view source.php" API endpoint. **Recommendations** For Jact OpenClinic version 0.8.20160412, as a temporary workaround, consider restricting access to the "/shared/view source.php" API endpoint to minimize the risk of exploitation. Additionally, avoid using the `file` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.