#php

### Summary This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users. * **Remote Code Execution (RCE) via Asset Upload:** A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts. * **Path Traversal File Deletion:** A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system. ### Mitigation Please update to 5.2.3 or later. ### Workarounds None ### References https://owasp.org/www-community/attacks/Code_Injection https://owasp.org/www-community/attacks/Path_Traversal If you have any questions or comments about this advisory: Ema...

Beware before downloading Google Chrome from a Google search, you might get more than you expected.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: FLXEON Controllers Vulnerabilities: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion'), Missing Origin Validation in WebSockets, Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to send unauthorized HTTPS requests, access sensitive information from HTTPS responses, or use network access to execute remote code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ABB reports that the following products are affected: FLXEON Controllers FBXi: Version 9.3.4 and prior FLXEON Controllers FBVi: Version 9.3.4 and prior FLXEON Controllers FBTi: Version 9.3.4 and prior FLXEON Controllers CBXi: Version 9.3.4 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND ('COMMAND INJECTION') CWE-77 Netwo...

The authentication bypass vulnerability in the OS for the company's firewall devices is under increasing attack and being chained with other bugs, making it imperative for organizations to mitigate the issue ASAP.

The ABB Cylon Aspect BMS/BAS controller is vulnerable to session fixation, allowing an attacker to set a predefined PHPSESSID value. An attacker can leverage an unauthenticated reflected XSS vulnerability in jsonProxy.php to inject a crafted request, forcing the victim to adopt a fixated session.

Description Summary Pimcore Admin Classic Bundle allows attackers to enumerate valid accounts because the Forgot password functionality uses different messages when the account is valid vs not. Details -> error message discloses existing accounts and leads to user enumeration on the target via "Forgot password" function. since no generic error message is being implemented. PoC  Enter first a valid account email address and click on submit  A green message validating the account exists is shown and a login link is sent to the email  now go back and use a random email from temp-mail to test with a non existant account  ![image]...

Malvertisers got inspired by the website for a German university to bypass ad security and distribute malware.

Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive files. **Note:** This is a bypass of the fix for [CVE-2024-21549](https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8533023).

**Product:** PhpSpreadsheet **Version:** 3.8.0 **CWE-ID:** CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') **CVSS vector v.3.1:** 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) **CVSS vector v.4.0:** 4.8 (AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N) **Description:** an attacker can use special characters, so that the library processes the javascript protocol with special characters and generates an HTML link **Impact:** executing arbitrary JavaScript code in the browser **Vulnerable component:** class `PhpOffice\PhpSpreadsheet\Writer\Html`, method `generateRow` **Exploitation conditions:** a user viewing a specially generated xml file **Mitigation:** additional sanitization of special characters in a string **Researcher: Igor Sak-Sakovskiy (Positive Technologies)** # Research The researcher discovered zero-day vulnerability Bypass XSS sanitizer using the javascript protocol and special characters in Phpspreadsheet. The following code...

Social engineering methods are being put to the test to distribute malware.