Lanmeik

**Name of the Vulnerable Software and Affected Versions** Tsinghua Unigroup Electronic Archives System version 3.2.210802(62532) **Description** A path traversal issue exists due to the manipulation of the `path` argument when processing files in `/System/Cms/downLoad`. This allows for remote exploitation. The vendor was contacted regarding this issue but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Fujian Smart Integrated Management Platform System versions up to 7.5 **Description** A security flaw exists in Fujian Smart Integrated Management Platform System up to version 7.5. The issue involves improper processing of files, specifically `/Module/CRXT/Controller/XAccessPermissionPlus.ashx`. Manipulation of the `DeviceIDS` argument can lead to a SQL injection attack, potentially allowing remote exploitation. The exploit for this issue has been publicly released. **Recommendations** Versions prior to 7.5 should be updated.

**Name of the Vulnerable Software and Affected Versions** Fujian Smart Integrated Management Platform System versions prior to 7.5 **Description** A weakness exists in Fujian Smart Integrated Management Platform System up to version 7.5. The issue stems from a SQL injection affecting an unknown function within the `/Module/CRXT/Controller/XCamera.ashx` file. Manipulating the `ChannelName` argument triggers the SQL injection. Remote exploitation is possible. The exploit has been publicly released and could be used for attacks. **Recommendations** Update to a version prior to 7.5.

**Name of the Vulnerable Software and Affected Versions** Tsinghua Unigroup Electronic Archives System version 3.2.210802(62532) **Description** A security flaw exists in the Download function of the Tsinghua Unigroup Electronic Archives System. A path traversal issue is present due to manipulation of the `path` argument in the `/Search/Subject/downLoad` file. This allows for remote attacks. The exploit for this issue has been publicly released. The vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tsinghua Unigroup Electronic Archives System versions prior to 3.2.210802(62532) **Description** A flaw exists in Tsinghua Unigroup Electronic Archives System that allows for unrestricted file uploads. This occurs due to a manipulation of the `File` argument within an unknown function of the `/Archive/ErecordManage/uploadFile.html` file. The attack can be initiated remotely. The exploit for this issue has been publicly disclosed. The vendor was informed of this disclosure but did not provide a response. **Recommendations** Versions prior to 3.2.210802(62532) should be updated. As a temporary workaround, restrict access to the `/Archive/ErecordManage/uploadFile.html` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tsinghua Unigroup Electronic Archives System versions through 3.2.210802(62532) **Description** A flaw exists in Tsinghua Unigroup Electronic Archives System that allows for remote code execution. The issue is due to SQL injection within the `/mine/PublicReport/prinReport.html` file. Specifically, manipulating the `comid` parameter can lead to exploitation. The exploit has been publicly disclosed. **Recommendations** Versions prior to 3.2.210802(62532) should be updated.

**Name of the Vulnerable Software and Affected Versions** Tsinghua Unigroup Electronic Archives System version 3.2.210802(62532) **Description** A path traversal issue exists in Tsinghua Unigroup Electronic Archives System version 3.2.210802(62532). The issue is located in an unknown function within the `/Using/Subject/downLoad.html` file. Manipulating the `path` argument allows for path traversal. The attack can be initiated remotely. An exploit for this issue has been publicly released. The vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.