5Huai

Name of the Vulnerable Software and Affected Versions: MipCMS version 5.0.1 Description: A cross-site request forgery (CSRF) issue allows attackers to escalate user privileges to administrator. This can be achieved via the "index.php?s=/user/ApiAdminUser/itemEdit" endpoint, by exploiting the lack of proper validation on user requests. Recommendations: For MipCMS version 5.0.1, consider implementing proper validation and verification of user requests to prevent unauthorized privilege escalation. As a temporary workaround, restrict access to the "index.php?s=/user/ApiAdminUser/itemEdit" endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Dswjcms version 1.6.4 Description: A stored cross-site scripting (XSS) issue in the index.php/Dswjcms/Basis/links component allows attackers to execute arbitrary web scripts or HTML. This can lead to the execution of malicious code on the victim's browser. Recommendations: For Dswjcms version 1.6.4, consider disabling the index.php/Dswjcms/Basis/links component until a patch is available to prevent exploitation of the stored XSS issue.

Name of the Vulnerable Software and Affected Versions: Dswjcms version 1.6.4 Description: A stored cross-site scripting (XSS) issue in the index.php/Dswjcms/Site/articleList component allows attackers to execute arbitrary web scripts or HTML. This could potentially lead to unauthorized actions on the affected web application. Recommendations: For Dswjcms version 1.6.4, update to a version that fixes the stored XSS vulnerability in the index.php/Dswjcms/Site/articleList component. As a temporary workaround, consider restricting access to the articleList component until a patch is available.

Name of the Vulnerable Software and Affected Versions: Dswjcms version 1.6.4 Description: An issue in the `index.php/Dswjcms/Basis/resources` component of Dswjcms allows attackers to execute arbitrary code via uploading a crafted PHP file. Recommendations: For Dswjcms version 1.6.4, consider restricting access to the `index.php/Dswjcms/Basis/resources` component to prevent arbitrary code execution until a patch is available.

Name of the Vulnerable Software and Affected Versions: Dswjcms version 1.6.4 Description: A cross-site request forgery (CSRF) issue in the "index.php/Dswjcms/User/tfAdd" endpoint of Dswjcms allows authenticated attackers to arbitrarily add administrator users. Recommendations: For Dswjcms version 1.6.4, consider disabling access to the "index.php/Dswjcms/User/tfAdd" endpoint until a patch is available to prevent exploitation of the CSRF issue.