77Cc

**Name of the Vulnerable Software and Affected Versions** ZHENFENG13/code-projects My-Blog-layui version 1.0 **Description** A critical vulnerability affects the file upload function of the `/admin/upload/authorImg/` endpoint. The manipulation of the `File` argument leads to unrestricted file upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** As a temporary workaround, consider disabling the file upload function in the `/admin/upload/authorImg/` endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the `File` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZeroWdd/code-projects studentmanager version 1.0 **Description** A critical vulnerability was found in the studentmanager software, affecting unknown code of the file /getTeacherList. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling access to the /getTeacherList file until a patch is available. Restrict access to the studentmanager software to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ZHENFENG13/code-projects My-Blog-layui version 1.0 Description: A vulnerability was found in the file `/admin/v1/blog/edit`, which leads to cross-site scripting. The attack may be launched remotely, and multiple parameters might be affected. The vendor was contacted about this disclosure but did not respond. Recommendations: For version 1.0, as a temporary workaround, consider restricting access to the `/admin/v1/blog/edit` endpoint until a patch is available. Avoid using potentially vulnerable parameters in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZHENFENG13/code-projects My-Blog-layui version 1.0 **Description** A problem was found in the software, affecting an unknown part of the file `/admin/v1/link/edit`. This issue leads to cross site scripting and can be initiated remotely. Multiple parameters might be affected. The vendor was contacted about this issue but did not respond. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/v1/link/edit` endpoint until a patch is available. Avoid using multiple parameters in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: huanfenz/code-projects StudentManager versions up to 1.0 Description: A problematic vulnerability has been found in the Teacher String Handler component, leading to improper authorization. The manipulation can be initiated remotely. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. The vulnerability affects an unknown part of the component. Recommendations: For versions up to 1.0, as a temporary workaround, consider restricting access to the Teacher String Handler component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: huanfenz/code-projects StudentManager version 1.0 Description: A critical issue was found in the Announcement Management Section of the software, specifically affecting the /upload/uploadArticle.do file. The manipulation of the `File` argument leads to unrestricted upload. This issue can be exploited remotely. Recommendations: For version 1.0, consider restricting access to the /upload/uploadArticle.do file to minimize the risk of exploitation. As a temporary workaround, avoid using the `File` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: db-hospital-drug version 1.0 Description: A critical issue was found, affecting some unknown functionality of the file ShiroConfig.java, leading to improper authorization. The attack can be launched remotely. Recommendations: For version 1.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: JamesZBL/code-projects db-hospital-drug version 1.0 Description: A vulnerability was found in the function Save of the file ContentController.java. The manipulation of the argument `content` leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Recommendations: As a temporary workaround, consider disabling the Save function of the ContentController.java file until a patch is available. Restrict access to the ContentController.java file to minimize the risk of exploitation. Avoid using the `content` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** godcheese/code-projects Nimrod version 0.8 **Description** A critical vulnerability exists in godcheese/code-projects Nimrod 0.8. The vulnerability affects the `searchAllByName` function within the `ViewMenuCategoryRestController.java` file. Manipulation of the `Name` argument leads to a SQL injection. The attack can be launched remotely, and the exploit has been publicly disclosed. **Recommendations** For godcheese/code-projects Nimrod version 0.8, restrict access to the `searchAllByName` function within the `ViewMenuCategoryRestController.java` file to minimize the risk of exploitation. Avoid using the `Name` parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nimrod version 0.8 **Description** A critical issue has been found in the software, affecting some unknown functionality of the file FileRestController.java. The manipulation of the `File` argument leads to unrestricted upload. The attack can be launched remotely. **Recommendations** For Nimrod version 0.8, consider restricting access to the FileRestController.java to minimize the risk of exploitation. As a temporary workaround, avoid using the `File` argument in the affected functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IKUN Library version 1.0 **Description** A vulnerability has been found in IKUN Library 1.0, classified as problematic. This issue affects the `addInterceptors` function of the `MvcConfig.java` file in the Borrow Handler component, leading to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling the `addInterceptors` function until a patch is available. Restrict access to the Borrow Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.