Userrpr

**Name of the Vulnerable Software and Affected Versions** HAX CMS PHP versions prior to 11.0.3 **Description** The issue concerns the `gitImportSite` functionality, which obtains a URL string from a POST request and insufficiently validates user input. This allows an authenticated attacker to craft a URL string that bypasses validation checks, enabling the execution of arbitrary OS commands on the backend server. The attacker can exfiltrate command output via an HTTP request. The `set remote` function passes user input into `proc open`, yielding OS command injection. **Recommendations** For versions prior to 11.0.3, update to version 11.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `gitImportSite` functionality until a patch is applied. Additionally, restricting the use of the `set remote` function and `proc open` calls with unvalidated user input can help minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: HAX CMS PHP versions prior to 10.0.3 Description: The issue is related to the `save()` function in `HAXCMSFile.php`, which allows for unrestricted file uploads due to a non-exhaustive denylist. This list only blocks files with `.php`, `.sh`, `.js`, and `.css` extensions, causing the system to "fail open" rather than "fail closed". The vulnerability can be exploited by a remote attacker to upload files with malicious extensions and execute arbitrary code. Recommendations: For versions prior to 10.0.3, update to version 10.0.3 to fix the vulnerability. As a temporary workaround, consider restricting access to the `save()` function in `HAXCMSFile.php` to minimize the risk of exploitation. Additionally, restrict file uploads to only necessary file types to reduce the attack surface.