A7Cc

**Name of the Vulnerable Software and Affected Versions** whyour qinglong versions through 2.20.1 **Description** A security issue has been identified in whyour qinglong. The problem resides in an unknown function within the `back/loaders/express.ts` file of the API Interface component. Manipulation of the `command` argument can bypass a protection mechanism. This issue can be exploited remotely, and a public exploit is available. **API Endpoint:** Not specified. **Vulnerable Parameter:** `command` **Recommendations** Versions prior to 2.20.2 should be upgraded to version 2.20.2 to address this issue.

**Name of the Vulnerable Software and Affected Versions** Gowabby HFish version 0.1 **Description** A critical issue has been found in Gowabby HFish, affecting the `LoadUrl` function of the file `viewurl.go`. The manipulation of the argument `r` leads to improper authentication. This issue can be exploited remotely. **Recommendations** For version 0.1, consider disabling the `LoadUrl` function until a patch is available to prevent improper authentication. Restrict access to the `viewurl.go` file to minimize the risk of exploitation. Avoid using the argument `r` in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** zj1983 zz versions up to 2024-08 **Description** A critical vulnerability has been found in the function `GetUserOrg` of the file `com/futvan/z/framework/core/SuperZ.java`. The manipulation of the argument `userId` leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** As a temporary workaround, consider disabling the `GetUserOrg` function until a patch is available. Restrict access to the `com/futvan/z/framework/core/SuperZ.java` file to minimize the risk of exploitation. Avoid using the `userId` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** pbrong hrms versions 1.0.0 through 1.0.1 **Description** A critical vulnerability was found in pbrong hrms, affecting the function `HrmsDB` of the file `resourceresource.go`. The manipulation of the argument `user cookie` leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For versions 1.0.0 through 1.0.1, consider disabling the `HrmsDB` function or restricting access to the `resourceresource.go` file until a patch is available. As a temporary workaround, avoid using the `user cookie` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBOS version 4.5.5 **Description** The issue is related to an arbitrary file deletion vulnerability. It affects the `LoginController.php` file located at `systemmodulesdashboardcontrollers`. There is no information about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For IBOS version 4.5.5, patch immediately and monitor for suspicious activity. Restrict local network access if needed.