1098024193

**Name of the Vulnerable Software and Affected Versions** rymcu forest (affected versions not specified) **Description** A security issue exists in rymcu forest related to missing authorization. The issue impacts the `GlobalResult` function within the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The attack can be initiated remotely. The product utilizes a rolling release model, meaning specific version information for affected or updated releases is not available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** rymcu forest (affected versions not specified) **Description** A security flaw exists due to missing authorization. The issue affects the `getAll/addDic/getAllDic/deleteDic` function within the `src/main/java/com/rymcu/forest/lucene/api/UserDicController.java` file. The attack can be launched remotely. The product operates on a rolling release basis, meaning there are no specific version details for affected or updated releases. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** fushengqian fuint (affected versions not specified) **Description** A flaw exists in fushengqian fuint related to the Authentication Token Handler component, specifically within the file `fuint-application/src/main/java/com/fuint/module/clientApi/controller/ClientSignController.java`. This issue allows for authorization bypass through manipulation of some unknown functionality. The attack can be initiated remotely and is considered highly complex, though exploitation is known to be difficult. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openviglet shio versions up to 0.3.8 **Description** A critical vulnerability has been identified in openviglet shio up to version 0.3.8. The `shStaticFileUpload` function within the file `shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java` is affected. Manipulation of the `filename` argument leads to unrestricted file upload, and the attack can be launched remotely. The exploit for this issue has been publicly disclosed. **Recommendations** For versions up to 0.3.8, restrict or disable the `shStaticFileUpload` function to prevent unrestricted file uploads.

**Name of the Vulnerable Software and Affected Versions** openviglet shio versions through 0.3.8 **Description** A critical vulnerability exists in openviglet shio up to version 0.3.8. This issue affects the `shStaticFilePreUpload` function located in the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. Manipulation of the `fileName` argument leads to a path traversal vulnerability, allowing for remote attacks. The exploit for this issue has been publicly disclosed. **Recommendations** Versions prior to 0.3.9 are affected. As a temporary workaround, consider restricting access to the `shStaticFilePreUpload` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** newbee-mall version 1.0 **Description** A critical vulnerability has been found in the function Upload of the file ltd/newbee/mall/controller/common/UploadController.java. The manipulation of the argument `File` leads to unrestricted upload. The attack can be launched remotely. **Recommendations** As a temporary workaround, consider disabling the Upload function in the UploadController.java file until a patch is available. Restrict access to the UploadController.java file to minimize the risk of exploitation. Avoid using the `File` argument in the Upload function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Men Salon Management System version 1.0 **Description** A critical issue has been discovered, affecting an unknown part of the file /admin/contact-us.php. The manipulation of the arguments `pagetitle`, `pagedes`, `email`, `mobnumber`, and `timing` leads to SQL injection. This issue can be exploited remotely. **Recommendations** For PHPGurukul Men Salon Management System version 1.0, as a temporary workaround, consider restricting access to the /admin/contact-us.php file until a patch is available. Avoid using the arguments `pagetitle`, `pagedes`, `email`, `mobnumber`, and `timing` in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.