Woshinibaba222

**Name of the Vulnerable Software and Affected Versions** DoraCMS version 2.1.8 **Description** The issue allows attackers to gain access to the application via a bruteforce attack due to the re-use of the same code for verification of valid `usernames` and `passwords`. **Recommendations** For DoraCMS version 2.1.8, update to a newer version that does not reuse the same verification code for usernames and passwords to prevent bruteforce attacks. As a temporary workaround, consider restricting access to the login functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** DoraCMS version 2.1.8 **Description** An arbitrary file upload issue allows attackers to execute arbitrary code by uploading a crafted HTML or image file to the user avatar. **Recommendations** For DoraCMS version 2.1.8, as a temporary workaround, consider restricting the upload of HTML and image files for user avatars until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mobile Security Framework (MobSF) versions <=3.7.8 Beta **Description** The issue is related to Insecure Permissions. The vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could use a reverse proxy server. **Recommendations** For Mobile Security Framework (MobSF) versions <=3.7.8 Beta, consider using a reverse proxy server to implement authentication, as the product itself does not have authentication implemented by design. At the moment, there is no information about a newer version that contains a fix for this vulnerability.