V1N1V131R4

**Name of the Vulnerable Software and Affected Versions** Koken CMS version 0.22.24 **Description** Koken CMS contains a file upload issue that permits authenticated attackers to circumvent file extension limitations by renaming malicious PHP files. Attackers can upload PHP files capable of executing system commands by altering the file upload request using a web proxy and modifying the file extension. The issue allows bypassing file extension restrictions. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wing FTP Server version 6.3.8 **Description** The software contains a remote code execution issue in its Lua-based web console. Authenticated users can execute system commands by sending malicious commands via POST requests. The `os.execute()` function is leveraged to trigger operating system execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Backdrop CMS version 1.20 **Description** A Cross Site Request Forgery (CSRF) issue exists, allowing remote attackers to gain Remote Code Execution (RCE) on the hosting web server via uploading a malicious add-on with a crafted PHP file. The attack requires a session cookie of a high-privileged authenticated user who is entitled to install arbitrary add-ons. **Recommendations** For Backdrop CMS version 1.20, as a temporary workaround, consider restricting access to the add-on installation feature to minimize the risk of exploitation. Avoid using the add-on installation feature until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ArGo Soft Mail Server version 1.8.8.9 **Description** The issue allows for Cross Site Request Forgery (CSRF) that can lead to remote arbitrary code execution. This is specifically related to the Administration dashboard component. When an administrator or user with admin credentials opens a malicious webpage, it can trigger the CSRF, potentially allowing for unauthorized actions. **Recommendations** For ArGo Soft Mail Server version 1.8.8.9, consider restricting access to the Administration dashboard until a fix is available. As a temporary workaround, avoid using admin/user credentials to access potentially malicious websites to minimize the risk of exploitation.