Ytlamal

**Name of the Vulnerable Software and Affected Versions** Chartbrew versions prior to 4.8.1 **Description** Chartbrew is a web application that connects to databases and APIs to create charts. Before version 4.8.1, authorization checks for chart operations (update, delete, etc.) relied only on the `project id` parameter. The `chart id` was not validated, allowing authenticated users with project access to manipulate charts belonging to other users or projects. The application uses the `/api/chart` endpoint for chart-related operations. **Recommendations** Update to version 4.8.1 or later.

**Name of the Vulnerable Software and Affected Versions** Chartbrew versions prior to 4.8.1 **Description** Chartbrew is a web application that connects to databases and APIs to create charts. Versions of the software prior to 4.8.1 contain a remote code execution issue stemming from the MongoDB dataset Query functionality. The issue was addressed with the release of version 4.8.1. **Recommendations** Update to version 4.8.1 or later.

**Name of the Vulnerable Software and Affected Versions** Chartbrew versions prior to 4.8.1 **Description** Chartbrew is a web application designed for connecting to databases and APIs to create charts. A remote code execution issue exists in versions before 4.8.1 due to a vulnerable API. The issue has been addressed in version 4.8.1. **Recommendations** Update to version 4.8.1 or later.

**Name of the Vulnerable Software and Affected Versions** Chartbrew versions prior to 4.8.4 **Description** Chartbrew is a web application that connects to databases and APIs to create charts. Prior to version 4.8.4, the application does not validate file types or content when uploading files, such as project logos. It relies on the file extension provided by the user. These files are saved to the 'uploads/' directory and served statically. An attacker can upload a malicious HTML file containing JavaScript code. Because authentication tokens are likely stored in the browser's local storage, this stored cross-site scripting (XSS) issue could lead to account takeover. **Recommendations** Versions prior to 4.8.4 should be updated to version 4.8.4 or later.

**Name of the Vulnerable Software and Affected Versions** Pimcore versions prior to 2.2.3 and versions prior to 1.7.16 **Description** The API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties are configurable metadata definitions used across documents, assets, and objects to standardize custom attributes. An authenticated backend user without explicit permissions for property management can call the endpoint and retrieve the complete list of these configurations. This allows unauthorized access to administrative features and potentially violates role-based access controls. The API endpoint in question is used for listing Predefined Properties. **Recommendations** Versions prior to 2.2.3 should be updated to version 2.2.3 or later. Versions prior to 1.7.16 should be updated to version 1.7.16 or later.

**Name of the Vulnerable Software and Affected Versions** Pimcore versions prior to 12.3.1 Pimcore versions prior to 11.5.14 **Description** The application does not properly enforce server-side authorization checks on the API endpoint responsible for reading or listing static routes. Static routes are custom URL patterns defined through the backend interface or the var/config/staticroutes.php file, including details like regex-based patterns, controllers, variables, and priorities. An authenticated backend user lacking explicit permissions can invoke the API endpoint (e.g., GET `/api/static-routes`) and retrieve sensitive route configurations. This violates access control principles, allowing unauthorized access to internal routing metadata. Exploitation enables low-privileged users to enumerate static routes, potentially revealing application architecture, endpoints, or custom logic. **Recommendations** Versions prior to 12.3.1 should be updated to version 12.3.1 or later. Versions prior to 11.5.14 should be updated to version 11.5.14 or later.

**Name of the Vulnerable Software and Affected Versions** Pimcore Web2Print Tools Bundle versions prior to 5.2.2 Pimcore Web2Print Tools Bundle versions prior to 6.1.1 **Description** The Pimcore Web2Print Tools Bundle does not properly enforce server-side authorization checks on the API endpoint responsible for managing "Favourite Output Channel Configurations." An authenticated backend user lacking the necessary permissions can invoke the endpoint to modify or retrieve these configurations. The vulnerable API endpoint is responsible for managing "Favourite Output Channel Configurations." **Recommendations** Update to Pimcore Web2Print Tools Bundle version 5.2.2 or later. Update to Pimcore Web2Print Tools Bundle version 6.1.1 or later.