0Xrry

**Name of the Vulnerable Software and Affected Versions** hs-web hsweb-framework versions prior to 5.0.2 **Description** A path traversal issue exists in the File Upload component. The `denied()` function within the `FileUploadProperties.java` file can be manipulated via the `filename` argument, allowing a remote attacker to access or traverse directories outside the intended folder. **Recommendations** Install the patch with identifier 8009845b577d8a2c4bbf4fdd8e8913799a714be6. As a temporary mitigation, restrict the use of the `filename` argument in the File Upload component.

**Name of the Vulnerable Software and Affected Versions** jflyfox jfinal cms versions prior to 5.1.1 **Description** A remote SQL injection exists in the `list()` function within the `AdvicefeedbackController.java` file. The issue occurs when the `orderBy` parameter is manipulated, allowing an attacker to execute arbitrary SQL commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict or sanitize the input for the `orderBy` parameter in the affected function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** hs-web hsweb-framework versions prior to 5.0.2 **Description** An open redirect issue exists in the OAuth2 Client component. A remote attacker can manipulate the `OAuth2Client()` function within the file `hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/OAuth2Client.java` to redirect users to an arbitrary external site. **Recommendations** Apply patch c2882679a9125cea52678151af5ae213cbd52579 to resolve the issue. As a temporary workaround, restrict access to the `OAuth2Client()` function until the patch is applied.