Security
Headlines
HeadlinesLatestCVEs

Tag

#php

GHSA-37gm-h5wr-pf25: Path traversal in redaxo

An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal.

ghsa
#vulnerability#php#auth
GHSA-7c4c-749j-pfp2: Admidio Vulnerable to HTML Injection In The Messages Section

### Summary An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. ### PoC 1. Go to https://www.admidio.org/demo_en/adm_program/modules/messages/messages.php 2. Click on Send Private Message 3. In the `Message` field, enter the following payload `Testing<br><h1>HTML</h1><br><h2>Injection</h2>` > ![image](https://github.com/user-attachments/assets/0e5d9e4e-69c5-4908-9ab9-0c45c2548ff8) 4. Send the message 5. Open the message again > ![image](https://github.com/user-attachments/assets/d36f1b64-7d96-486d-ab65-cce2b7d21428) ### Impact 1. Data Theft: Stealing sensitive information like cookies, session tokens, and user credentials. 2. Session Hijacking: Gaining unauthorized access to user accounts. 3. Phishing: Tricking users into revealing sensitive information. 4. Website Defacement: Altering the appearance or content of the website. 5. Malware Distribution: Spreading malware to users' devices. 6. Denial of Service (DoS): Ov...

ABB Cylon Aspect 3.08.01 mapConfigurationDownload.php Configuration Download

ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated configuration download vulnerability. This can be exploited to download the SQLite DB that contains the configuration mappings information via the FTControlServlet by directly calling the mapConfigurationDownload.php script.

ABB Cylon Aspect 3.08.01 (mapConfigurationDownload.php) Config Download

The ABB BMS/BAS controller suffers from an unauthenticated configuration download vulnerability. This can be exploited to download the SQLite DB that contains the configuration mappings information via the FTControlServlet by directly calling the mapConfigurationDownload.php script.

GHSA-4r7v-whpg-8rx3: changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution

### Summary A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host. ### Details changedetection.io version: 0.45.20 ``` docker images REPOSITORY TAG IMAGE ID CREATED SIZE dgtlmoon/changedetection.io latest 53529c2e69f1 44 hours ago 423MB ``` The vulnerability is caused by the usage of vulnerable functions of Jinja2 template engine. ```python from jinja2 import Environment, BaseLoader ... # Get the notification body from datastore jinja2_env = Environment(loader=BaseLoader) n_body = jinja2_env.from_string(n_object.get('notification_body', '')).render(**notification_parameters) n_title = jinja2_env.from_string(n_object.get('notification_title', '')).render(**notification_parameters) ``` ### PoC 1. Create/Edit a URL watch item 2. Under *Notifications* tab insert this payload: ```python {{ self.__init__.__globa...

ABB Cylon Aspect 3.08.00 sslCertAjax.php Remote Command Execution

ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the country, state, locality, organization, and hostname HTTP POST parameters called by the sslCertAjax.php script.

WatchGuard XTM Firebox 12.5.x Buffer Overflow

WatchGuard XTM Firebox version 12.5.x suffers from a buffer overflow vulnerability.

Serious Adversaries Circle Ivanti CSA Zero-Day Flaws

Suspected nation-state actors are spotted stringing together three different zero-days in the Ivanti Cloud Services Application to gain persistent access to a targeted system.

ABB Cylon Aspect 3.08.00 (sslCertAjax.php) Remote Code Execution

The ABB BMS/BAS controller suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'country', 'state', 'locality', 'organization', and 'hostname' HTTP POST parameters called by the sslCertAjax.php script.