Moemion233

**Name of the Vulnerable Software and Affected Versions** Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706 **Description** A critical issue was discovered, affecting the /Duty/AjaxHandle/Write/UploadFile.ashx file of the Duty Write-UploadFile component. The manipulation of the `Filedata` argument leads to unrestricted upload. This issue can be exploited remotely. **Recommendations** For Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706, as a temporary workaround, consider restricting access to the /Duty/AjaxHandle/Write/UploadFile.ashx file to minimize the risk of exploitation. Avoid using the `Filedata` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706 **Description** A critical issue has been found in the system, affecting the file /Duty/AjaxHandle/UpLoadFloodPlanFile.ashx of the component UpLoadFloodPlanFile. The manipulation of the `Filedata` argument leads to unrestricted upload. This issue can be exploited remotely. **Recommendations** For Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706, as a temporary workaround, consider restricting access to the /Duty/AjaxHandle/UpLoadFloodPlanFile.ashx file to minimize the risk of exploitation. Avoid using the `Filedata` argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Shopping Website version 1.0 **Description** A critical issue was found in the SourceCodester Shopping Website, affecting an unknown function of the file search-result.php. The manipulation of the `product` argument leads to SQL injection. It is possible to launch the attack remotely. The issue has been publicly disclosed and may be exploited. **Recommendations** For SourceCodester Shopping Website version 1.0, as a temporary workaround, consider restricting access to the search-result.php file or disabling the unknown function that handles the `product` argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.