207556249

Name of the Vulnerable Software and Affected Versions: Lingxing ERP version 2 Description: A critical issue was found in the function `DoUpload` of the file `/Api/FileUpload.ashx?method=DoUpload`. The manipulation of the argument `File` leads to unrestricted upload. This issue can be exploited remotely. Recommendations: For Lingxing ERP version 2, as a temporary workaround, consider disabling the `DoUpload` function of the `/Api/FileUpload.ashx?method=DoUpload` endpoint until a patch is available. Restrict access to the `/Api/FileUpload.ashx?method=DoUpload` endpoint to minimize the risk of exploitation. Avoid using the `File` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Lingxing ERP version 2 Description: A critical issue has been identified, affecting an unknown part of the file /Api/TinyMce/UploadAjax.ashx. The manipulation of the `File` argument leads to unrestricted upload. This issue can be exploited remotely. Recommendations: For Lingxing ERP version 2, as a temporary workaround, consider restricting access to the `/Api/TinyMce/UploadAjax.ashx` endpoint until a patch is available. Avoid using the `File` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ESAFENET CDG version 5.6.3.154.205 Coremail Mail Server (affected versions not specified) **Description** A critical issue has been identified, allowing for SQL injection through the manipulation of the `typename` argument in an unknown function of the file /parameter/getFileTypeList.jsp. This can be exploited remotely. The issue has been publicly disclosed, and the vendor was notified but did not respond. **Recommendations** For ESAFENET CDG version 5.6.3.154.205, consider restricting access to the /parameter/getFileTypeList.jsp file to minimize the risk of exploitation. For Coremail Mail Server, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ESAFENET CDG version 5.6.3.154.205 20250114 **Description** A critical vulnerability was found in the file /CDGServer3/logManagement/backupLogDetail.jsp, where the manipulation of the `logTaskId` argument leads to SQL injection. This issue can be exploited remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted about this disclosure but did not respond. **Recommendations** As a temporary workaround, consider restricting access to the `/CDGServer3/logManagement/backupLogDetail.jsp` file until a patch is available. Avoid using the `logTaskId` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ESAFENET DSM version 3.1.2 **Description** A critical issue has been discovered, affecting the `examExportPDF` function in the `/admin/plan/examExportPDF` file. The manipulation of the `s` argument leads to command injection. This issue can be exploited remotely. **Recommendations** For ESAFENET DSM version 3.1.2, as a temporary workaround, consider disabling the `examExportPDF` function until a patch is available. Restrict access to the `/admin/plan/examExportPDF` file to minimize the risk of exploitation. Avoid using the `s` argument in the affected function until the issue is resolved.