Security
Headlines
HeadlinesLatestCVEs

Tag

#php

GHSA-34qg-65m4-f23m: Froxlor: /etc/pure-ftpd/db/mysql.conf is chmod 644 but contains <SQL_UNPRIVILEGED_PASSWORD>

### Summary In Froxlor 2.1.9 and in the HEADs of the `main`, `v2.2` and `v2.1` branches , the XML templates in `lib/configfiles/` set `chmod 644` for `/etc/pure-ftpd/db/mysql.conf`, although that file contains `<SQL_UNPRIVILEGED_PASSWORD>`. At least on Debian 12, all parent directories of `/etc/pure-ftpd/db/mysql.conf` are world readable by default, thus exposing these credentials to all users with access to the system. Only Froxlor instances configured to use pure-ftpd are affected/vulnerable. ### Details https://github.com/froxlor/Froxlor/blob/2.1.9/lib/configfiles/bookworm.xml#L3075 ### PoC As non-privileged user: ``` nobody@mail:/tmp$ grep MYSQLPassword /etc/pure-ftpd/db/mysql.conf MYSQLPassword MySecretMySQLPasswordForFroxlor ``` ### Impact Any unprivileged user with "command/code execution" access to the system can trivially obtain the credentials granting access to the `froxlor` MySQL database. This holds true even for virtual users without SSH access as long as they are a...

ghsa
#sql#debian#git#php#auth#ssh
Crime Complaints Reporting Management System 1.0 Shell Upload

Crime Complaints Reporting Management System version 1.0 suffers from a remote shell upload vulnerability.

Courier Management System 1.0 Cross Site Request Forgery

Courier Management System version 1.0 suffers from a cross site request forgery vulnerability.

Company Visitor Management 1.0 SQL Injection

Company Visitor Management version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

CMSsite 1.0 Shell Upload

CMSsite version 1.0 suffers from a remote shell upload vulnerability.

CMS RIMI 1.3 Cross Site Request Forgery / File Upload

CMS RIMI version 1.3 suffers from cross site request forgery and arbitrary file upload vulnerabilities.

Client Management System 1.0 SQL Injection

Client Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

CCMS Project 1.0 SQL Injection

CCMS Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Biobook Social Networking Site 1.0 SQL Injection

Biobook Social Networking Site version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

SPIP 4.2.12 Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in SPIP versions up to and including 4.2.12. The vulnerability occurs in SPIP's templating system where it incorrectly handles user-supplied input, allowing an attacker to inject and execute arbitrary PHP code. This can be achieved by crafting a payload manipulating the templating data processed by the echappe_retour() function, invoking traitements_previsu_php_modeles_eval(), which contains an eval() call.