A vulnerability, which was classified as problematic, has been found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this issue is some unknown functionality of the file wordpress-exit-box-lite.php. The manipulation leads to information disclosure. The attack may be launched remotely. Upgrading to version 1.10 is able to address this issue. The name of the patch is fad26701addb862c51baf85c6e3cc136aa79c309. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230672.

CVE-2013-10030

Telefnica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of Service (DoS) via DNS Recursion.

CVE-2023-31893: Recomendações para Evitar o Abuso de Servidores DNS Recursivos Abertos

PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control via ajax_jmsslider.php.

The module Jms Slider (jmsslider) from Joommasters contains an unrestricted upload of file with dangerous type vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joo masters PrestaShop themes

**Summary**

*   **CVE ID**: CVE-2023-29631
*   **Published at**: 2023-03-13
*   **Advisory source**: Joomasters
*   **Platform**: PrestaShop
*   **Product**: jmsslider
*   **Impacted release**: at least 1.6.0
*   **Product author**: Joommasters
*   **Weakness**: CWE-434
*   **Severity**: critical (9.8)

**Description**

ajax\_jmsslider.php can be called anonymously to upload a php file that can be used for RCE.

**CVSS base metrics**

*   **Attack vector**: network
*   **Attack complexity**: low
*   **Privilege required**: none
*   **User interaction**: none
*   **Scope**: unchanged
*   **Confidentiality**: high
*   **Integrity**: high
*   **Availability**: high

**Vector string**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

**Possible malicious usage**

*   Technical and personal data leaks
*   Obtain admin access
*   Remove all data of the linked PrestaShop
*   Display sensitives tables to front-office to unlock potential admin’s ajax scripts of modules protected by token on the ecosystem

**Proof of concept**

    curl -v -F "data_image=@test.php" "https://preprod.XXX/modules/jmsslider/ajax_jmsslider.php?secure_key=VALUE_AVAILABLE_ON_FRONTOFFICE&action=addLayer&data_type=image&id_slide=99999"
    

**Patch**

Provided by the editor https://www.joommasters.com/index.php/blog/tutorials-and-case-studies/how-to-fix-security-bug-of-slider-security-breach-of-theme.html

**Timeline**

Date

Action

2019-09-04

Vulnerability publish by the editor

2023-02-17

Contact the author

2023-03-13

Publish this security advisory

**Other recommandations**

*   Upgrade PrestaShop to the latest version to disable multiquery executions (separated by “;”)
*   Change the default database prefix ps_ by a new longer arbitrary prefix. Nethertheless, be warned that this is useless against blackhat with DBA senior skill because of a design vulnerability in DBMS
*   Activate OWASP 942’s rules on your WAF (Web application firewall), be warned that you will probably break your backoffice and you will need to pre-configure some bypasses against these set of rules.

**Links**

*   Joom masters web site
*   Joom masters blog post on the vulnerability

CVE-2023-29631: [CVE-2023-29631] Unrestricted upload vulnerability in Jms Slider (jmsslider) PrestaShop module

PrestaShop jmsmegamenu 1.1.x and 2.0.x is vulnerable to SQL Injection via ajax_jmsmegamenu.php.

The module Jms Vertical MegaMenu (jmsvermegamenu) from Joommasters contains a Blind SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joo masters PrestaShop themes

**Summary**

*   **CVE ID**: CVE-2023-29630
*   **Published at**: 2023-03-13
*   **Advisory source**: Friends-Of-Presta
*   **Platform**: PrestaShop
*   **Product**: jmsvermegamenu
*   **Impacted release**: at least 1.1.x and 2.0.x
*   **Product author**: Joommasters
*   **Weakness**: CWE-89
*   **Severity**: critical (9.8)

**Description**

ajax\_jmsvermegamenu.php hold sensitives SQL calls that can be executed with a trivial http call and exploited to forge a blind SQL injection.

**CVSS base metrics**

*   **Attack vector**: network
*   **Attack complexity**: low
*   **Privilege required**: none
*   **User interaction**: none
*   **Scope**: unchanged
*   **Confidentiality**: high
*   **Integrity**: high
*   **Availability**: high

**Vector string**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

**Possible malicious usage**

*   Technical and personal data leaks
*   Obtain admin access
*   Remove all data of the linked PrestaShop
*   Display sensitives tables to front-office to unlock potential admin’s ajax scripts of modules protected by token on the ecosystem

**Patch**

    --- a/ajax_jmsvermegamenu.php
    +++ b/ajax_jmsvermegamenu.php
    @@ -29,1 +29,1 @@ function getPosts
    -        UPDATE `'._DB_PREFIX_.'jmsvermegamenu` SET `params` = \''.Tools::getValue('params').'\'
    +        UPDATE `'._DB_PREFIX_.'jmsvermegamenu` SET `params` = \''.pSQL(Tools::getValue('params')).'\'
    

**Timeline**

Date

Action

2022-09-01

Issue discovered during a pentest

2023-02-17

Contact the author

2023-03-13

Publish this security advisory

**Other recommandations**

*   Upgrade PrestaShop to the latest version to disable multiquery executions (separated by “;”)
*   Change the default database prefix ps_ by a new longer arbitrary prefix. Nethertheless, be warned that this is useless against blackhat with DBA senior skill because of a design vulnerability in DBMS
*   Activate OWASP 942’s rules on your WAF (Web application firewall), be warned that you will probably break your backoffice and you will need to pre-configure some bypasses against these set of rules.

**Links**

*   Joom masters web site

CVE-2023-29630: [CVE-2023-29630] Blind SQL injection vulnerability in Jms Vertical MegaMenu (jmsvermegamenu) PrestaShop module

PrestaShop jmsthemelayout 2.5.5 is vulnerable to SQL Injection via ajax_jmsvermegamenu.php.

The module Jms Theme Layout (jmsthemelayout) from Joommasters contains a Blind SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joo masters PrestaShop themes

**Summary**

*   **CVE ID**: CVE-2023-29629
*   **Published at**: 2023-03-13
*   **Advisory source**: Friends-Of-Presta
*   **Platform**: PrestaShop
*   **Product**: jmsthemelayout
*   **Impacted release**: at least 2.5.5
*   **Product author**: Joommasters
*   **Weakness**: CWE-89
*   **Severity**: critical (9.8)

**Description**

ajax\_jmsvermegamenu.php hold sensitives SQL calls that can be executed with a trivial http call and exploited to forge a blind SQL injection.

**WARNING** : This exploit is actively used to deploy webskimmer to massively stole credit cards.

**CVSS base metrics**

*   **Attack vector**: network
*   **Attack complexity**: low
*   **Privilege required**: none
*   **User interaction**: none
*   **Scope**: unchanged
*   **Confidentiality**: high
*   **Integrity**: high
*   **Availability**: high

**Vector string**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

**Possible malicious usage**

*   Technical and personal data leaks
*   Obtain admin access
*   Remove all data of the linked PrestaShop
*   Display sensitives tables to front-office to unlock potential admin’s ajax scripts of modules protected by token on the ecosystem

**Patch**

    --- a/ajax_jmsthemelayout.php.php
    +++ b/ajax_jmsthemelayout.php.php
    @@ -102,2 +102,2 @@ function getPosts
    -        $query = 'UPDATE `'._DB_PREFIX_.'jmsadv_position` SET `col_lg` = '.$pos_obj[1].', `col_md` = '.$pos_obj[2].', `col_sm` = '.$pos_obj[3].', `col_xs` = '.$pos_obj[4].
    -		'	WHERE `id_position` = '.$pos_obj[0];
    +        $query = 'UPDATE `'._DB_PREFIX_.'jmsadv_position` SET `col_lg` = '. (int)$pos_obj[1].', `col_md` = '. (int)$pos_obj[2].', `col_sm` = '. (int)$pos_obj[3].', `col_xs` = '. (int)$pos_obj[4].
    +		'	WHERE `id_position` = '. (int)$pos_obj[0];
    

**Timeline**

Date

Action

2022-09-01

Issue discovered during a pentest

2023-02-17

Contact the author

2023-03-13

Publish this security advisory

**Other recommandations**

*   Upgrade PrestaShop to the latest version to disable multiquery executions (separated by “;”)
*   Change the default database prefix ps_ by a new longer arbitrary prefix. Nethertheless, be warned that this is useless against blackhat with DBA senior skill because of a design vulnerability in DBMS
*   Activate OWASP 942’s rules on your WAF (Web application firewall), be warned that you will probably break your backoffice and you will need to pre-configure some bypasses against these set of rules.

**Links**

*   Joom masters web site

CVE-2023-29629: [CVE-2023-29629] Blind SQL injection vulnerability in Jms Theme Layout (jmsthemelayout) PrestaShop module

Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file.

**  
miniCal**

**Open-source PMS** (http://www.minical.io)

**Table of Contents**

*   What is miniCal?
*   Features
*   Documentation
*   Installation
*   Demo
*   Code of conduct
*   Contribute
*   How to develop an extension
*   Join the Community
*   miniCal Marketplace
*   Versioning
*   License

**What is miniCal?**

miniCal is an open-source PMS (Property Management System). It was originally designed for hotel software companies, but other businesses like car rental businesses can use it also.

**Our mission**

We see hundreds of PMS companies developing the same features and integrations as everyone else, and we think it's a waste of resources. Our mission is to develop a single best technology that can perform better than most PMS companies' in-house developed products, and completely take the technical burden off of their shoulders.

**Documentation**

miniCal documentation is available here minical.doc.

**Features**

*   **Online Booking Engine :** Accept online bookings from 3rd party websites.
*   **Inventory :** Control room availabilities of your property.
*   **CRM :** Manage customer profiles along with their account balances.
*   **Intuitive Calendar :** Simple interface that provides quick overview of your property.
*   **Payment :** Accept secure payments online.

...and plenty more extensions to add from our marketplace !

**Installation**

*   Fork the repository https://github.com/minical/minical or clone it locally.
*   Install the stable version of PHP 7.3.0, MySQL 5.0.4, and OS-specific dependency tools.
*   Create a MySql database with any name.
*   Do the basic configuration updates on the public->build.json file.
*   Create a new file named ".env" by copying the .env.example file which is located in the root.
*   Update database credentials in .env file in .env file
*   Set Environment variable to either 'development' or 'production' in .env file
*   Update Project URL (Url pointing to a public folder in minical project like http://localhost/minical/public) in .env file
*   Update API Url (Url pointing to API folder in minical project like http://localhost/minical/api) in .env file, for more details check the .env example.
*   Install composer dependencies by running the "composer install" command on your project root.
*   Install miniCal Database by going to http://localhost/minical/public/install.php in your browser, following the installation steps, and create an admin account.
*   That's it. You are done! Visit miniCal at http://localhost/minical/public

**Demo**

Visit miniCal Demo.

**Code of Conduct**

miniCal follows Codeigniter Style Guide.

**Contribute**

Any contribution for a new feature or an improvement will be appreciated.

**To make a contribution:**

1.  Fork the repository and edit.
2.  Submit the pull request, please provide a comprehensive description of PR as a commit message.
3.  Any pull request that the reviewers don't find useful to miniCal will be rejected. We recommend you to talk to us first before working on a PR. Also, please ensure your code is following Codeigniter Style Guide.

**How to develop an extension**

Do you have an idea of an extension that might be a great addon to the miniCal community? Follow Extension development guide.

**Join the Community**

Get support. exchange ideas with our growing dev community. Join us on Discord.

**miniCal Marketplace**

Explore the extension of miniCal on miniCal Marketplace.

**Versioning**

The version is broken down into 4 points e.g 1.2.3.4 We use MAJOR.MINOR.FEATURE.PATCH to describe the version numbers.

A MAJOR is very rare, it would only be considered if the source was effectively re-written or a clean break was desired for other reasons. This increment would likely break most 3rd party modules.

A MINOR is when there are significant changes that affect core structures. This increment would likely break some 3rd party modules.

A FEATURE version is when new extensions or features are added (such as a payment gateway, shipping module, etc). Updating a feature version is at a low risk of breaking 3rd party modules.

A PATCH version is when a fix is added, it should be considered safe to update patch versions e.g 1.2.3.4 to 1.2.3.5

**License**

The Open Software License 3.0 (OSL-3.0)

CVE-2023-33410: GitHub - minical/minical: Minical is an open-source PMS with extension management baked-in. It's designed for the companies looking for highly customizable property management software.

*File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via the /admin/plugin.php function.

emlog6.0CMS /admin/plugin.php has plug-in upload function, you can upload plug-in by uploading zip format compressed package  

   Upload a zip file, the zip file name must be the same as the unzipped file name, here test.php is compressed to test.zip  

Http://localhost/emlog6.0CMS/content/plugins/test/test.php  
Access the url, add post request 1=phpinfo();, the response page is as follows, and prove that the Trojan upload is successful.  

   Use a kitchen knife to connect to http://localhost/emlog6.0CMS/content/plugins/test/test.php with a password of 1

CVE-2020-19028: emlogcms has any file upload vulnerability · Issue #1 · sincere-c/CVE

Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php.

**CVE-2023-33409**

Minical 1.0.0 is vulnerable to Cross-Site Request Forgery.

Vendor: https://github.com/minical/minical

Demo Application: https://demo.minical.io/

**PoC**

The application does not have any CSRF protection, hence a specially crafted HTTP request can be used to,

*   Add New User
*   Delete Existing User
*   Edit the existing User’s Email Address and other sensitive information.

The payloads for different attacks can be generated using the Generate CSRF POC tool in BurpSuite.

Example:

Add New User:

CVE-2023-33409: GitHub - Thirukrishnan/CVE-2023-33409

A vulnerability classified as problematic was found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this vulnerability is the function exitboxadmin of the file wordpress-exit-box-lite.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.10 is able to address this issue. The patch is named fad26701addb862c51baf85c6e3cc136aa79c309. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230671.

CVE-2013-10029

Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to insufficient input validation in the application's user input handling in the security_helper.php file.

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Tag

#php