Yuccun

**Name of the Vulnerable Software and Affected Versions** feiyuchuixue sz-boot-parent versions through 1.3.2-beta **Description** A weakness exists in feiyuchuixue sz-boot-parent up to version 1.3.2-beta. This issue affects unknown code within the `/api/admin/common/files/download` file. Manipulation of the `url` argument can lead to server-side request forgery (SSRF). The attack can be executed remotely and is considered highly complex with difficult exploitability. The developers addressed this by adding a URL protocol whitelist validation to the file download interface, allowing only 'http' and 'https' protocols. **Recommendations** Upgrade to version 1.3.3-beta to resolve this vulnerability.

**Name of the Vulnerable Software and Affected Versions** feiyuchuixue sz-boot-parent versions through 1.3.2-beta **Description** A flaw exists in the Password Reset Handler component of the software. This issue involves manipulation of the `userId` argument within the '/api/admin/sys-user/reset/password/' file, leading to the use of a default password. The attack can be initiated remotely and has been publicly disclosed. The project developers have addressed this by adding authorization validation to the password reset interface, restricting password resets to users with appropriate permissions. **Recommendations** Upgrade to version 1.3.3-beta.

**Name of the Vulnerable Software and Affected Versions** feiyuchuixue sz-boot-parent versions up to 1.3.2-beta **Description** A flaw exists in feiyuchuixue sz-boot-parent that allows for unrestricted file uploads. This issue is related to the functionality of the `/api/admin/sys-file/upload` API endpoint. The attack can be initiated remotely and an exploit is publicly available. The project developers addressed the issue by implementing a whitelist restriction on the `/api/admin/sys-file/upload` endpoint using the `oss.allowedExts` and `oss.allowedMimeTypes` configuration options, which allow specifying permitted file extensions and MIME types for uploads. **Recommendations** Upgrade to version 1.3.3-beta.

**Name of the Vulnerable Software and Affected Versions** feiyuchuixue sz-boot-parent versions through 1.3.2-beta **Description** A security issue exists in feiyuchuixue sz-boot-parent. The issue affects an unknown part of the file `/api/admin/common/download/templates` within the API component. Manipulation of the `templateName` parameter can lead to path traversal. Remote exploitation is possible. The exploit has been publicly released. The project developers have implemented path validity checks on parameters for the template download interface to address this issue. **Recommendations** Upgrade to version 1.3.3-beta.

**Name of the Vulnerable Software and Affected Versions** feiyuchuixue sz-boot-parent versions up to 1.3.2-beta **Description** A flaw exists in feiyuchuixue sz-boot-parent up to version 1.3.2-beta that allows for authorization bypass. This occurs through the manipulation of the `messageId` argument in the `/api/admin/sys-message/` API endpoint. The attack can be initiated remotely, and details of an exploit are publicly available. The developers have implemented message ownership verification to address the issue. **Recommendations** Upgrade to version 1.3.3-beta.

**Name of the Vulnerable Software and Affected Versions** xnx3 wangmarket versions up to 6.4 **Description** A flaw exists in the XML File Handler component of xnx3 wangmarket. Specifically, the `uploadImage` function within the `/sits/uploadImage.do` file allows for unrestricted file uploads through manipulation of the `image` argument. This allows for remote exploitation. The details of the exploit have been publicly disclosed, and the vendor was informed but did not respond. **Recommendations** Versions prior to 6.4 should be updated. As a temporary workaround, consider restricting access to the `/sits/uploadImage.do` file or disabling the `uploadImage` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** xnx3 wangmarket versions up to 6.4 **Description** A cross-site scripting issue exists in xnx3 wangmarket. The issue is located in the Add Global Variable Handler component, specifically within the file `/siteVar/save.do`. Manipulation of the `Remark/Variable Value` argument can lead to the execution of cross-site scripting attacks remotely. The exploit has been publicly disclosed. **Recommendations** Versions prior to 6.4 should be updated. As a temporary workaround, consider restricting access to the `/siteVar/save.do` file to minimize the risk of exploitation.

**Nome do Software Vulnerável e Versões Afetadas** liweiyi ChestnutCMS versões até 1.5.8 **Descrição** Existe uma falha no liweiyi ChestnutCMS até a versão 1.5.8. Este problema afeta a função `FilenameUtils.getExtension` dentro do componente Filename Handler, localizado no arquivo `/dev-api/common/upload`. A manipulação do argumento `File` pode resultar em upload de arquivos irrestrito, e o ataque pode ser executado remotamente. Um exploit para este problema foi publicado. **Recomendações** Versões anteriores à 1.5.8 são vulneráveis. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.