Xcxr

**Nome do Software Vulnerável e Versões Afetadas** kerwincui FastBee versões anteriores a 1.2.2 **Descrição** Um problema de path traversal existe no Tool Download Endpoint. Atacantes remotos podem manipular o argumento `fileName` dentro da função `download()` da classe `ToolController` para acessar arquivos fora do diretório pretendido. **Recomendações** Como medida paliativa temporária, restrinja o acesso à função `download()` na classe `ToolController` para minimizar o risco de exploração. No momento, não há informações sobre uma versão mais recente que contenha a correção para esta vulnerabilidade.

**Nome do Software Vulnerável e Versões Afetadas** kerwincui FastBee versões anteriores a 1.2.2 **Descrição** Um problema de cross-site scripting existe no componente System Notice Handler. Um invasor remoto pode explorar isso manipulando o argumento `noticeContent` dentro da função `Add()` do arquivo springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysNoticeController.java. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha a correção para esta vulnerabilidade.

**Nome do Software Vulnerável e Versões Afetadas** youlaitech youlai-boot versões anteriores a 2.21.2 **Descrição** Um problema de injeção de SQL existe no Users Endpoint. A falha está localizada na função `getUserList()` dentro do arquivo `src/main/java/com/youlai/boot/system/controller/UserController.java`. Atacantes remotos podem explorar isso manipulando a ordem dos argumentos para executar comandos SQL arbitrários. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha a correção para esta vulnerabilidade. Como medida paliativa temporária, restrinja o acesso à função `getUserList()` para minimizar o risco de exploração.

**Nome do Software Vulnerável e Versões Afetadas** crmeb java versões anteriores a 1.3.5 **Descrição** Um problema de upload de arquivos irrestrito existe no componente Admin Upload, afetando especificamente o arquivo `crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java`. A manipulação do argumento `model` permite a exploração remota, possibilitando que um invasor realize o upload de arquivos sem as restrições adequadas. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha a correção para esta vulnerabilidade.

Name of the Vulnerable Software and Affected Versions AutohomeCorp frostmourne versões até 1.0 Description Uma falha de segurança foi descoberta no AutohomeCorp frostmourne até a versão 1.0. A função `httpTest` dentro do componente Alarm Preview, acessível através do arquivo `/api/monitor-api/alarm/previewData`, é suscetível a injeção de SQL. Este ataque pode ser iniciado remotamente. O exploit para esta falha foi divulgado publicamente. Recommendations Versões anteriores a 1.0 devem ser atualizadas. Como medida temporária, considere restringir o acesso ao endpoint `/api/monitor-api/alarm/previewData` até que um patch esteja disponível.

Nome do Software Vulnerável e Versões Afetadas AutohomeCorp frostmourne versões anteriores a 1.1 Descrição Uma condição de falsificação de solicitação do lado do servidor existe no AutohomeCorp frostmourne até a versão 1.0. A questão está localizada dentro de uma função desconhecida no arquivo `frostmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/controller/AlarmController.java` do componente Alarm Preview. Isso pode ser explorado remotamente. A exploração foi divulgada publicamente. Recomendações Atualize para a versão 1.1 ou posterior.

**Name of the Vulnerable Software and Affected Versions** 648540858 wvp-GB28181-pro versions up to 2.7.4 **Description** A security flaw exists in the Stream Proxy Query Handler component of 648540858 wvp-GB28181-pro. Specifically, the `selectAll` function within the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java is susceptible to SQL injection. This manipulation can be initiated remotely. The exploit for this issue has been publicly released. **Recommendations** Versions prior to 2.7.4 should be updated.

**Name of the Vulnerable Software and Affected Versions** CodePhiliaX Chat2DB versions up to 0.3.7 **Description** A flaw exists in CodePhiliaX Chat2DB that allows for unrestricted file uploads. This issue is located within the `Upload` function of the `JdbcDriverController.java` file, specifically in the `chat2db-server/chat2db-server-web/chat2db-server-web-api/src/main/java/ai/chat2db/server/web/api/controller/driver/` component, related to the JDBC Driver Upload. The attack can be initiated remotely. The exploit has been publicly released. **Recommendations** Versions prior to 0.3.7 should be updated. As a temporary workaround, consider restricting access to the `Upload` function within the `JdbcDriverController.java` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** erupts erupt bis versions 1.13.3 **Description** A flaw exists in the EruptDataQuery function within the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java of the MCP Tool Interface component. This manipulation results in a SQL injection vulnerability via hibernate. The attack can be initiated remotely. The exploit has been published. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** erupts versions through 1.13.3 **Description** A flaw exists in the `geneEruptHqlOrderBy` function located in the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Manipulation of the `sort.field` argument can lead to a SQL injection vulnerability within Hibernate. This issue is remotely exploitable. The exploit has been publicly disclosed. The vendor was notified but did not respond. **Recommendations** Versions prior to 1.13.3 should be updated. As a temporary workaround, consider restricting or disabling the use of the `geneEruptHqlOrderBy` function until a patch is available. Avoid using the `sort.field` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** atjiu pybbs versão 6.0.0 **Description** Uma falha na função `create()` dentro do arquivo src/main/java/co/yiiu/pybbs/controller/api/TopicApiController.java permite a execução remota de cross-site scripting, uma técnica onde scripts maliciosos são injetados em sites confiáveis. **Recommendations** No momento, não há informações sobre uma versão mais recente que contenha a correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** atjiu pybbs version 6.0.0 **Description** A security issue exists in atjiu pybbs 6.0.0. The `create` function within the file src/main/java/co/yiiu/pybbs/controller/api/CommentApiController.java is susceptible to cross site scripting. This allows for remote attacks. An exploit for this issue has been publicly released. The `create` function is vulnerable. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** taoofagi easegen-admin versions prior to 8f87936ac774065b92fb20aab55b274a6ea76433 **Description** A server-side request forgery (SSRF) issue exists in the `downloadFile` function within the PPT File Handler component. The issue is caused by manipulation of the `url` argument. This allows for remote exploitation. The product utilizes a rolling release model, and no specific version details for affected or updated releases are available. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** Versions prior to 8f87936ac774065b92fb20aab55b274a6ea76433 should be updated. As a temporary workaround, consider restricting access to the `downloadFile` function until a suitable update is available.

**Name of the Vulnerable Software and Affected Versions** taoofagi easegen-admin versions prior to 8f87936ac774065b92fb20aab55b274a6ea76433 **Description** A path traversal issue exists in the `recognizeMarkdown` function within the file `yudao-module-digitalcourse/yudao-module-digitalcourse-biz/src/main/java/cn/iocoder/yudao/module/digitalcourse/util/Pdf2MdUtil.java`. Manipulation of the `fileUrl` argument can lead to unauthorized access. The attack can be launched remotely, and an exploit is publicly available. The software utilizes a rolling release model, meaning specific version details for fixes are not available. The vendor was notified of the issue but did not respond. **Recommendations** Versions prior to 8f87936ac774065b92fb20aab55b274a6ea76433 should be updated. As a temporary workaround, consider restricting access to the `recognizeMarkdown` function until a suitable update is available.

**Name of the Vulnerable Software and Affected Versions** glowxq glowxq-oj versions prior to 6f7c723090472057252040fd2bbbdaa1b5ed2393 **Description** A security issue exists in glowxq glowxq-oj. A manipulation of the `uploadTestcaseZipUrl` function in the file business/business-oj/src/main/java/com/glowxq/oj/problem/controller/ProblemCaseController.java can lead to server-side request forgery. This attack can be initiated remotely. The exploit is publicly available. The product uses continuous delivery with rolling releases, and no specific version details for affected or updated releases are available. The vendor was contacted regarding this issue but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** glowxq glowxq-oj (affected versions not specified) **Description** A weakness exists in glowxq glowxq-oj. This issue affects the `Upload` function within the file business/business-system/src/main/java/com/glowxq/system/admin/controller/SysFileController.java, potentially leading to unrestricted upload. The attack can be launched remotely. The exploit has been made publicly available. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itwanger paicoding versions 1.0.0 through 1.0.3 **Description** A server-side request forgery condition exists in itwanger paicoding. The issue is related to the manipulation of the `img` argument within the `Save` function located in the file paicoding-web/src/main/java/com/github/paicoding/forum/web/common/image/rest/ImageRestController.java of the Image Save Endpoint component. This manipulation can lead to server-side request forgery, and the attack can be launched remotely. The exploit is publicly available. The vendor was contacted but did not respond. **Recommendations** Update itwanger paicoding to a version newer than 1.0.3.

**Name of the Vulnerable Software and Affected Versions** youlaitech youlai-mall version 2.0.0 **Description** A security flaw exists in youlaitech youlai-mall version 2.0.0 related to SQL injection. The issue affects the `listPagedSpuForApp` function within the file `mall-pms/pms-boot/src/main/java/com/youlai/mall/pms/controller/app/SpuController.java` of the App-side Product Pagination Endpoint component. Manipulation of the `sortField` and `sort` arguments can lead to SQL injection. Remote exploitation is possible, and an exploit has been publicly released. The vendor was notified but did not respond. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict or disable the `listPagedSpuForApp` function until a patch is available. Sanitize the `sortField` and `sort` parameters before using them in SQL queries.

**Name of the Vulnerable Software and Affected Versions** rymcu forest versions up to 0.0.5 **Description** A cross-site scripting issue exists in rymcu forest. The issue is located in the `updateUserInfo` function within the `src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java` file of the User Profile Handler component. This allows for remote execution of attacks. The exploit is publicly available. The vendor was notified but did not respond. **Recommendations** Versions prior to 0.0.5 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** qinming99 dst-admin versions up to 1.5.0 **Description** A flaw exists in qinming99 dst-admin that can lead to a denial of service. This issue is related to the `deleteBackup` function within the `BackupController.java` file located in the `src/main/java/com/tugos/dst/admin/controller` directory, part of the File Handler component. The attack can be initiated remotely, and details about the exploit are publicly available. The vendor was notified but did not respond. **Recommendations** Versions prior to 1.5.1 should be updated. As a temporary workaround, consider restricting access to the `deleteBackup()` function until a patch is available.