<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Wed, 15 Jul 2026 17:09:51 +0000</lastBuildDate>
    <item>
      <title>4c9572e7-0f58-4954-bd81-9c2eee2e617f</title>
      <link>https://vulnerability.circl.lu/sighting/4c9572e7-0f58-4954-bd81-9c2eee2e617f/export</link>
      <description>{"uuid": "4c9572e7-0f58-4954-bd81-9c2eee2e617f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-HGJX-R89M-M7V4", "type": "seen", "source": "https://gist.github.com/alon710/2ffb041b6fdd6557a249f765c7133d25", "content": "# GHSA-HGJX-R89M-M7V4: GHSA-HGJX-R89M-M7V4: Remote Code Execution via Path Traversal in FacturaScripts\n\n&amp;gt; **CVSS Score:** 9.9\n&amp;gt; **Published:** 2026-07-14\n&amp;gt; **Full Report:** https://cvereports.com/reports/GHSA-HGJX-R89M-M7V4\n\n## Summary\nFacturaScripts is an open-source PHP-based enterprise resource planning (ERP) and billing software. A critical path traversal vulnerability in the file-handling logic allows authenticated attackers with file upload permissions to write arbitrary files to any location on the system writable by the web server user. By writing custom server configuration files (.htaccess) to directories excluded from default rewrite rules, attackers can map allowed file types (like .png) to the PHP interpreter, leading to full remote code execution.\n\n## TL;DR\nAn authenticated path traversal vulnerability in FacturaScripts allows arbitrary file uploads and server configuration overrides, resulting in unauthenticated remote code execution via public directories.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-22, CWE-434\n- **Attack Vector**: Network (AV:N)\n- **CVSS v3.1 Score**: 9.9 (Critical)\n- **Exploit Status**: Proof of Concept (PoC) documented\n- **Impact**: Remote Code Execution (RCE)\n\n## Affected Systems\n\n- FacturaScripts ERP\n- FacturaScripts billing software\n\n## Mitigation\n\n- Apply security patch introducing basename() to UploadedFile file paths\n- Implement a strict validation allowlist of MIME types and extensions\n- Disable dynamic execution of scripts inside public writable folders\n- Utilize realpath() to enforce safe path boundaries on the host file system\n\n**Remediation Steps:**\n1. Apply the patch modifying Core/UploadedFile.php to sanitize $destinyName using basename()\n2. Update server configurations (Apache/Nginx) to explicitly block PHP execution within the Dinamic/Assets/ and MyFiles/ directories\n3. Conduct a review of file upload endpoints to verify permissions and restrict access to authenticated, authorized users only\n\n## References\n\n- [GitHub Security Advisory GHSA-hgjx-r89m-m7v4](https://github.com/advisories/GHSA-hgjx-r89m-m7v4)\n- [FacturaScripts Repository Advisory](https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-hgjx-r89m-m7v4)\n- [FacturaScripts Repository](https://github.com/NeoRazorX/facturascripts)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-HGJX-R89M-M7V4) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-14T21:12:44.789001Z"}</description>
      <content:encoded>{"uuid": "4c9572e7-0f58-4954-bd81-9c2eee2e617f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-HGJX-R89M-M7V4", "type": "seen", "source": "https://gist.github.com/alon710/2ffb041b6fdd6557a249f765c7133d25", "content": "# GHSA-HGJX-R89M-M7V4: GHSA-HGJX-R89M-M7V4: Remote Code Execution via Path Traversal in FacturaScripts\n\n&amp;gt; **CVSS Score:** 9.9\n&amp;gt; **Published:** 2026-07-14\n&amp;gt; **Full Report:** https://cvereports.com/reports/GHSA-HGJX-R89M-M7V4\n\n## Summary\nFacturaScripts is an open-source PHP-based enterprise resource planning (ERP) and billing software. A critical path traversal vulnerability in the file-handling logic allows authenticated attackers with file upload permissions to write arbitrary files to any location on the system writable by the web server user. By writing custom server configuration files (.htaccess) to directories excluded from default rewrite rules, attackers can map allowed file types (like .png) to the PHP interpreter, leading to full remote code execution.\n\n## TL;DR\nAn authenticated path traversal vulnerability in FacturaScripts allows arbitrary file uploads and server configuration overrides, resulting in unauthenticated remote code execution via public directories.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-22, CWE-434\n- **Attack Vector**: Network (AV:N)\n- **CVSS v3.1 Score**: 9.9 (Critical)\n- **Exploit Status**: Proof of Concept (PoC) documented\n- **Impact**: Remote Code Execution (RCE)\n\n## Affected Systems\n\n- FacturaScripts ERP\n- FacturaScripts billing software\n\n## Mitigation\n\n- Apply security patch introducing basename() to UploadedFile file paths\n- Implement a strict validation allowlist of MIME types and extensions\n- Disable dynamic execution of scripts inside public writable folders\n- Utilize realpath() to enforce safe path boundaries on the host file system\n\n**Remediation Steps:**\n1. Apply the patch modifying Core/UploadedFile.php to sanitize $destinyName using basename()\n2. Update server configurations (Apache/Nginx) to explicitly block PHP execution within the Dinamic/Assets/ and MyFiles/ directories\n3. Conduct a review of file upload endpoints to verify permissions and restrict access to authenticated, authorized users only\n\n## References\n\n- [GitHub Security Advisory GHSA-hgjx-r89m-m7v4](https://github.com/advisories/GHSA-hgjx-r89m-m7v4)\n- [FacturaScripts Repository Advisory](https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-hgjx-r89m-m7v4)\n- [FacturaScripts Repository](https://github.com/NeoRazorX/facturascripts)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-HGJX-R89M-M7V4) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-14T21:12:44.789001Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/4c9572e7-0f58-4954-bd81-9c2eee2e617f/export</guid>
      <pubDate>Tue, 14 Jul 2026 21:12:44 +0000</pubDate>
    </item>
  </channel>
</rss>
