Yc_Infosec

Name of the Vulnerable Software and Affected Versions: Themeum Tutor LMS versions through 3.7.4 Description: Themeum Tutor LMS is susceptible to a SQL injection flaw due to improper neutralization of special elements within SQL commands. This allows for potential SQL injection attacks. Recommendations: Update Themeum Tutor LMS to a version later than 3.7.4.

**Name of the Vulnerable Software and Affected Versions** Hamed Naderfar Compute Links versions 1.2.1 and earlier **Description** The issue is related to improper control of filenames for Include/Require statements in PHP programs, allowing PHP Remote File Inclusion. This problem enables the inclusion of remote PHP files. **Recommendations** For versions 1.2.1 and earlier, consider disabling the Include/Require statement functionality until a patch is available. Restrict access to vulnerable PHP files to minimize the risk of exploitation. Avoid using vulnerable filenames in Include/Require statements until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Squeeze versions n/a through 1.4 **Description** The issue is related to an Unrestricted Upload of File with Dangerous Type vulnerability, which allows Code Injection. This vulnerability affects the Squeeze software and can be exploited to inject code. **Recommendations** For Squeeze versions n/a through 1.4, update to a version that fixes this issue, as the current version allows unrestricted file uploads that can lead to code injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Upunzipper versions n/a through 1.0.0 **Description** The issue affects Ravidhu Dissanayake Upunzipper, allowing Path Traversal and File Manipulation due to an Improper Limitation of a Pathname to a Restricted Directory. This enables unauthorized access and file manipulation. **Recommendations** For Upunzipper versions n/a through 1.0.0, consider restricting access to sensitive directories and files to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the Upunzipper for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BuddyPress Cover versions 2.1.4.2 and earlier **Description** The issue is related to an Unrestricted Upload of File with Dangerous Type vulnerability, which allows Code Injection. This vulnerability affects the BuddyPress Cover plugin. **Recommendations** For versions 2.1.4.2 and earlier, update to a version later than 2.1.4.2 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Strategery Migrations versions n/a through 1.0 **Description** The issue affects Strategery Migrations, allowing Path Traversal and File Manipulation due to an Improper Limitation of a Pathname to a Restricted Directory. **Recommendations** For versions n/a through 1.0, consider restricting access to sensitive directories and files to minimize the risk of Path Traversal and File Manipulation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MelaPress Login Security versions 1.3.0 and earlier **Description** The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion'. This allows PHP Remote File Inclusion in MelaPress Login Security. **Recommendations** For versions 1.3.0 and earlier, update to a version later than 1.3.0 to resolve the issue. As a temporary workaround, consider restricting access to vulnerable `include` or `require` statements in PHP programs until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Siteclean SC filechecker versions n/a through 0.6 **Description** The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability, in Siteclean SC filechecker. This vulnerability allows for Path Traversal and File Manipulation. **Recommendations** For versions n/a through 0.6, consider restricting access to sensitive directories and files to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Easy Digital Downloads – Recent Purchases versions 1.0.2 and earlier **Description** The issue is related to improper control of filename for include/require statement in PHP program, also known as 'PHP Remote File Inclusion'. This allows PHP Remote File Inclusion in Wow-Company Easy Digital Downloads – Recent Purchases. **Recommendations** For versions 1.0.2 and earlier, update to a version later than 1.0.2 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Woocommerce – Recent Purchases versions 1.0.1 and earlier **Description** The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal', which allows PHP Local File Inclusion. This means that an attacker could potentially access files outside the intended directory by manipulating the pathname. **Recommendations** For versions 1.0.1 and earlier, update to a version that fixes this issue, as using the current version may allow unauthorized access to local files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.