0Menc

**Name of the Vulnerable Software and Affected Versions** Fujian Apex LiveBOS versions prior to 2.1 **Description** A path traversal issue exists in the Endpoint component. A remote attacker can manipulate the `filename` argument in the '/feed/UploadImage.do' endpoint to access or overwrite files outside the intended directory. Path traversal is a technique that allows an attacker to read or write files on the server by using special characters like "../" to navigate the file system. **Recommendations** Update to version 2.1.

A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component Interface. Such manipulation of the argument sql leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Name of the Vulnerable Software and Affected Versions Shandong Hoteam InforCenter PLM versions up to 8.3.8 Description A flaw exists in the function `uploadFileToIIS` within the file `/Base/BaseHandler.ashx` of Shandong Hoteam InforCenter PLM. Manipulation of the `File` argument allows for unrestricted file uploads, potentially exploitable remotely. The exploit is publicly available. Recommendations Update to a version beyond 8.3.8.

**Name of the Vulnerable Software and Affected Versions** Shenzhen Ruiming Technology Streamax Crocus versions up to 1.3.44 **Description** A security issue exists in Shenzhen Ruiming Technology Streamax Crocus. The issue involves a SQL injection affecting an unknown function within the `/RemoteFormat.do` file of the Endpoint component. Manipulation of the `State` argument can lead to SQL injection, and the attack can be launched remotely. The exploit has been publicly disclosed. **Recommendations** Versions prior to 1.3.44 should be updated.

A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter Handler. The manipulation of the argument State results in sql injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the file /OperateStatistic.do. The manipulation of the argument VehicleID results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

**Name of the Vulnerable Software and Affected Versions** Tiandy Easy7 Integrated Management Platform versions prior to 7.17.1 **Description** A security issue exists in Tiandy Easy7 Integrated Management Platform. The manipulation of the `ID` argument in the `/rest/preSetTemplate/getRecByTemplateId` file can lead to SQL injection. This issue may be initiated remotely. The exploit for this issue has been publicly disclosed. **Recommendations** Update Tiandy Easy7 Integrated Management Platform to version 7.17.1 or later.

**Name of the Vulnerable Software and Affected Versions** Tiandy Easy7 Integrated Management Platform version 7.17.0 **Description** A weakness exists in Tiandy Easy7 Integrated Management Platform version 7.17.0. The issue is related to a function within the file `/rest/devStatus/getDevDetailedInfo` of the Endpoint component. Manipulation of the `ID` argument can lead to SQL injection. The attack can be launched remotely. The exploit has been made publicly available. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tiandy Easy7 Integrated Management Platform version 7.17.0 **Description** A flaw exists within the Tiandy Easy7 Integrated Management Platform that allows for unrestricted file uploads. This issue affects the `/rest/file/uploadLedImage` endpoint of the Endpoint component. The `File` parameter can be manipulated to achieve this unrestricted upload, and the attack can be initiated remotely. The exploit for this issue has been publicly released. **Recommendations** Tiandy Easy7 Integrated Management Platform version 7.17.0: Address the unrestricted upload issue in the `/rest/file/uploadLedImage` endpoint by validating the `File` parameter.

**Name of the Vulnerable Software and Affected Versions** Tiandy Easy7 Integrated Management Platform version 7.17.0 **Description** A security flaw exists in Tiandy Easy7 Integrated Management Platform version 7.17.0. The issue is a SQL injection affecting an unknown function within the Endpoint component, specifically through the `/rest/devStatus/queryResources` API endpoint. Manipulation of the `areaId` parameter can trigger the SQL injection. This attack can be initiated remotely. The exploit has been publicly released. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** Tiandy Easy7 Integrated Management Platform version 7.17.0: As a temporary workaround, consider restricting access to the `/rest/devStatus/queryResources` API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tiandy Integrated Management Platform version 7.17.0 **Description** A flaw exists in Tiandy Integrated Management Platform 7.17.0 that could allow for SQL injection. The issue is related to an unknown functionality within the file `/rest/user/getAuthorityByUserId`. Manipulation of the `userId` parameter may lead to a successful exploit. The attack can be initiated remotely, and details of the exploit have been publicly disclosed. The vendor was informed of the issue but did not provide a response. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Technologies Integrated Management Platform version 7.17.0 **Description** A flaw exists in an unknown functionality within the `/SetWebpagePic.jsp` file of the software. Manipulation of the `targetPath`/`Suffix` argument allows for unrestricted file uploads, potentially initiated remotely. The exploit for this issue has been publicly disclosed, and the vendor was informed but did not respond. **Recommendations** Technologies Integrated Management Platform version 7.17.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tiandy Easy7 Integrated Management Platform version 7.17.0 **Description** A security issue exists in Tiandy Easy7 Integrated Management Platform 7.17.0. The issue affects an unknown function within the Device Identifier Handler component, specifically the file `/WebService/UpdateLocalDevInfo.jsp`. Manipulation of the `username`/`password` arguments can bypass authentication. The attack can be initiated remotely. The exploit is publicly available. The vendor was contacted but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Topsec TopACM version 3.0 **Description** A weakness exists in Topsec TopACM 3.0 related to the HTTP Request Handler component and the file '/view/systemConfig/management/nmc sync.php'. Manipulation of the `template path` argument can lead to operating system command injection. The attack can be executed remotely. A public exploit is available. The vendor was contacted regarding this issue but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tiandy Easy7 CMS version 7.17.0 **Description** A flaw exists in Tiandy Easy7 CMS that allows for SQL injection. This issue is related to the manipulation of the `strTBName` argument within the `/Easy7/apps/WebService/GetDBData.jsp` file. The attack can be initiated remotely. The exploit has been published. The vendor was contacted but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** H3C SecCenter SMP-E1114P02 up to 20250513 **Description** A vulnerability has been found in the function Download of the file /packetCaptureStrategy/download. The manipulation of the argument `Name` leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For H3C SecCenter SMP-E1114P02 up to 20250513, as a temporary workaround, consider restricting access to the `/packetCaptureStrategy/download` endpoint until a patch is available. Avoid using the `Name` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** H3C SecCenter SMP-E1114P02 up to 20250513 **Description** A vulnerability was found in the function `operationDailyOut` of the file `/safeEvent/download`. The manipulation of the argument `filename` leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For H3C SecCenter SMP-E1114P02 up to 20250513, as a temporary workaround, consider restricting access to the `operationDailyOut` function until a patch is available. Avoid using the `filename` argument in the affected file `/safeEvent/download` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** H3C SecCenter SMP-E1114P02 up to 20250513 **Description** A critical vulnerability has been found in H3C SecCenter SMP-E1114P02, affecting some unknown functionality of the file /safeEvent/importFile/. The manipulation of the argument `logGeneralFile/logGeneralFile 2` leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For H3C SecCenter SMP-E1114P02 up to 20250513, as a temporary workaround, consider disabling the import functionality in the /safeEvent/importFile/ file to minimize the risk of exploitation. Restrict access to the `logGeneralFile/logGeneralFile 2` argument to prevent unrestricted upload. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** H3C SecCenter SMP-E1114P02 up to 20250513 **Description** A critical issue affects the function `fileContent` of the file `/cfgFile/fileContent`. The manipulation of the argument `filePath` leads to path traversal. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond. **Recommendations** For H3C SecCenter SMP-E1114P02 up to 20250513, as a temporary workaround, consider restricting access to the `fileContent` function to minimize the risk of exploitation. Avoid using the `filePath` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** H3C SecCenter SMP-E1114P02 up to 20250513 **Description** A vulnerability was found in the function Download of the file /cfgFile/1/download. The manipulation of the argument `Name` leads to path traversal. The attack may be initiated remotely. **Recommendations** For H3C SecCenter SMP-E1114P02 up to 20250513, consider restricting access to the Download function of the file /cfgFile/1/download to minimize the risk of exploitation. Avoid using the `Name` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.