Zyfyco

Name of the Vulnerable Software and Affected Versions: Indexhibit version 2.1.5 Description: A configuration issue allows authenticated attackers to modify .php files, leading to potential shell access. Recommendations: For Indexhibit version 2.1.5, consider restricting file modification permissions to prevent unauthorized access until a patch is available. As a temporary workaround, limit the ability of authenticated attackers to modify .php files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Indexhibit version 2.1.5 Description: A cross-site request forgery (CSRF) issue allows attackers to arbitrarily delete admin accounts. This can be exploited by tricking administrators into performing unintended actions, potentially leading to a loss of access control. Recommendations: For Indexhibit version 2.1.5, consider disabling the delete admin account functionality until a patch is available to prevent exploitation of the CSRF issue. Restrict access to administrative panels to minimize the risk of unauthorized account deletion.

Name of the Vulnerable Software and Affected Versions: Indexhibit version 2.1.5 Description: A cross-site request forgery (CSRF) issue allows attackers to arbitrarily reset account passwords. Recommendations: For Indexhibit version 2.1.5, update to a version that includes a fix for this issue, as no specific workaround is provided for this version.

Name of the Vulnerable Software and Affected Versions: Indexhibit version 2.1.5 Description: A reflected cross-site scripting (XSS) issue in the "/plugin/ajax.php" component allows attackers to execute arbitrary web scripts or HTML. This can be exploited through the API endpoint "/plugin/ajax.php". Recommendations: For Indexhibit version 2.1.5, as a temporary workaround, consider restricting access to the "/plugin/ajax.php" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Indexhibit version 2.1.5 Description: The issue concerns multiple stored cross-site scripting (XSS) vulnerabilities in the Sections module. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML. Recommendations: For Indexhibit version 2.1.5, consider disabling the Sections module as a temporary workaround until a patch is available. Restrict access to the Sections module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Indexhibit version 2.1.5 Description: An issue in the "/config/config.php" component allows attackers to arbitrarily view files. Recommendations: For Indexhibit version 2.1.5, consider restricting access to the "/config/config.php" component until a patch is available. As a temporary workaround, review file permissions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.