Jszdk

**Name of the Vulnerable Software and Affected Versions** feng ha ha/megagao ssm-erp and production ssm (affected versions not specified) **Description** A security issue exists in feng ha ha/megagao ssm-erp and production ssm. The issue involves improper authorization due to manipulation within the `EmployeeController.java` file. This allows for remote attacks. The exploit has been publicly disclosed. The product utilizes a rolling release model, and no specific version details for affected or updated releases are available. The project was notified of the issue but has not yet responded. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** feng ha ha/megagao ssm-erp and production ssm versions prior to 4288d53bd35757b27f2d070057aefb2c07bdd097 **Description** A path traversal flaw exists in the `deleteFile` function within the `FileServiceImpl.java` file. This manipulation allows for remote exploitation. The exploit has been published. The product utilizes continuous delivery with rolling releases, making specific version details for affected or updated releases unavailable. The software is distributed under two different names. The project was notified of the issue but has not responded. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** feng ha ha/megagao ssm-erp and production ssm (affected versions not specified) **Description** A path traversal issue exists due to manipulation of the `picName` argument within the `pictureDelete` function of the `PictureController.java` file. This allows for remote exploitation. The exploit has been publicly disclosed. The software does not utilize versioning, making it difficult to determine specific affected and unaffected releases. The product is distributed under two different names. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** huanzi-qch base-admin versions prior to 57a8126bb3353a004f3c7722089e3b926ea83596 **Description** A flaw exists in the `Upload` function within the `SysFileController.java` file of the JSP Parser component. Manipulating the `File` argument allows for unrestricted file uploads. This issue can be exploited remotely. The exploit is publicly available. The product uses continuous delivery with rolling releases, and the project has not responded to an early issue report regarding this problem. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GoogTech sms-ssm versions prior to e8534c766fd13f5f94c01dab475d75f286918a8d **Description** A weakness exists due to improper authorization. This issue is related to the `preHandle` function within the `LoginInterceptor.java` file of the API Interface component. The attack can be performed remotely. The exploit has been made publicly available. **Recommendations** Update to a version prior to e8534c766fd13f5f94c01dab475d75f286918a8d.

**Name of the Vulnerable Software and Affected Versions** zhanghuanhao LibrarySystem 图书馆管理系统 versions up to 1.1.1 **Description** A flaw exists in zhanghuanhao LibrarySystem 图书馆管理系统 up to version 1.1.1, relating to improper access controls. The issue is present in an unknown function within the `BookController.java` file. This allows for remote exploitation. The details of the exploit have been publicly disclosed. The project maintainers were notified of the issue but have not yet responded. **Recommendations** Versions prior to 1.1.1 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.