Blackwolf

**Name of the Vulnerable Software and Affected Versions** NoneCms versions prior to 1.3.0 **Description** The issue allows remote authenticated users to delete arbitrary files by providing a .. in the `param.path` parameter, leveraging back-office access. This is a directory traversal vulnerability in the application/admin/controller/Main.php file. **Recommendations** For versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `param.path` parameter in the affected controller to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NoneCms version 1.3.0 **Description** The issue allows remote attackers to access internal and external network resources via Server Side Request Forgery (SSRF) due to inadequate URL validation in the copy function. Specifically, the validation only checks if the URL contains the "csdn" substring. **Recommendations** For NoneCms version 1.3.0, consider implementing proper URL validation to prevent SSRF attacks, such as validating the URL scheme, host, and path to ensure it only allows access to intended resources. As a temporary workaround, restrict access to the copy function in application/admin/controller/Article.php to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MetInfo version 5.3.17 **Description** A directory traversal issue exists, allowing a remote attacker to delete any .zip file by utilizing the `filenames` parameter in the "/admin/system/database/filedown.php" API endpoint. **Recommendations** For MetInfo version 5.3.17, consider restricting access to the "/admin/system/database/filedown.php" endpoint until a patch is available, and avoid using the `filenames` parameter with untrusted input to minimize the risk of exploitation.