88Ai

**Name of the Vulnerable Software and Affected Versions** jeecg-boot version 2.4.5 **Description** The issue allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the "httptrace interface". **Recommendations** For jeecg-boot version 2.4.5, consider restricting access to the httptrace interface until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** jeecg-boot versions 2.4.5 and earlier **Description** The issue allows remote attackers to gain escalated privilege and view sensitive information. This is achieved via the API endpoint "/sys/user/querySysUser" with the `username` variable set to "admin". **Recommendations** For jeecg-boot versions 2.4.5 and earlier, consider restricting access to the "/sys/user/querySysUser" API endpoint until a patch is available. As a temporary workaround, avoid using the `username` variable in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** jeecg-boot versions 2.4.5 and earlier **Description** The issue allows remote attackers to gain escalated privilege and view sensitive information. This is achieved via the "api uri:/sys/user/checkOnlyUser?username=admin" endpoint, where the `username` variable is utilized. **Recommendations** For jeecg-boot versions 2.4.5 and earlier, as a temporary workaround, consider restricting access to the /sys/user/checkOnlyUser API endpoint until a patch is available. Avoid using the `username` variable in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PbootCMS version 1.2.2 **Description** The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by specifying a .php filename in a "SET GLOBAL general log file" statement, followed by a SELECT statement containing the PHP code. **Recommendations** For PbootCMS version 1.2.2, consider restricting access to the SQL interface to prevent the execution of malicious SQL statements until a patch is available. As a temporary workaround, avoid using the `general log file` variable in SQL statements to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WUZHI CMS version 4.1.0 **Description** A Stored XSS issue was found in the "Account Settings -> Member Centre -> Chinese information -> Ordinary member" section, specifically via a QQ number. This can be exploited through a form submission, where the `qq 10` variable is manipulated using a substring. **Recommendations** For WUZHI CMS version 4.1.0, as a temporary workaround, consider restricting access to the "Account Settings -> Member Centre -> Chinese information -> Ordinary member" section until a patch is available. Avoid using the `qq 10` variable in the affected form submission until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.