Yunu · Yunucms · CVE-2018-19180
**Name of the Vulnerable Software and Affected Versions**
YUNUCMS version 1.1.5
**Description**
The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by placing the code in the `DB PREFIX` field, which is then written to `database.php` when the `index.php?s=index/install/setup2` endpoint is accessed while the `install.lock` file is not present.
**Recommendations**
For YUNUCMS version 1.1.5, as a temporary workaround, consider restricting access to the `index.php?s=index/install/setup2` endpoint until a patch is available. Additionally, ensure the `install.lock` file is present to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
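
A defender's check for the two conditions named above, added here as an example and not part of the original advisory or of YUNUCMS: it flags access-log requests whose `s` route parameter resolves to `index/install/setup2` and tests whether install.lock exists. The log lines are constructed; the combined log format and the lock-file path passed to `exposed()` are assumptions, since the advisory does not give the file's location.

```python
import re
from pathlib import Path
from urllib.parse import urlsplit, parse_qs

# Combined log format (assumed): ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3})')
ROUTE = "index/install/setup2"  # route named in the advisory

def hits_setup2(target):
    """True if the request's s= parameter resolves to the setup2 installer step."""
    # parse_qs percent-decodes values, so s=index%2Finstall%2Fsetup2 is caught too.
    for value in parse_qs(urlsplit(target).query).get("s", []):
        route = value.strip("/").lower()  # case-insensitive match: conservative choice
        if route == ROUTE or route.startswith((ROUTE + "/", ROUTE + ".")):
            return True
    return False

def scan(lines):
    """Return one record per logged request to the setup2 installer step."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and hits_setup2(m.group(4)):
            ip, when, method, _target, status = m.groups()
            findings.append({"ip": ip, "time": when, "method": method,
                             "status": int(status)})
    return findings

def exposed(lock_file):
    """Per the advisory, the endpoint is usable while install.lock is absent."""
    return not Path(lock_file).is_file()

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [12/Nov/2018:10:01:02 +0000] "GET /index.php?s=index/index/index HTTP/1.1" 200 5120',
    '198.51.100.23 - - [12/Nov/2018:10:05:40 +0000] "POST /index.php?s=index/install/setup2 HTTP/1.1" 200 312',
    '198.51.100.23 - - [12/Nov/2018:10:05:58 +0000] "GET /index.php?s=Index%2FInstall%2Fsetup2 HTTP/1.1" 403 199',
    '192.0.2.50 - - [12/Nov/2018:10:07:11 +0000] "GET /search?q=index/install/setup2 HTTP/1.1" 200 880',
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        # A non-error status means the installer answered and needs triage.
        note = "installer answered" if f["status"] < 400 else "blocked"
        print(f["time"], f["ip"], f["method"], f["status"], note)
    # Hypothetical path: the advisory does not say where install.lock lives.
    print("exposed:", exposed("/var/www/yunucms/install.lock"))
```

A hit with a non-error status on a site that finished installation is the case to triage first, alongside any unexpected change to database.php.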