Abc_123456

**Name of the Vulnerable Software and Affected Versions** Four-Faith Water Conservancy Informatization Platform version 1.0 **Description** A security vulnerability has been detected due to path traversal. The manipulation of the argument `fileName` in an unknown functionality of the file `/history/historyDownload.do;usrlogout.do` allows for remote exploitation. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Four-Faith Water Conservancy Informatization Platform version 1.0 **Description** A path traversal vulnerability exists due to the manipulation of the `fileName` argument. This issue affects some unknown functionality within the files `/history/historyDownload.do`, `/otheruserLogin.do`, and `/getfile`. The vulnerability can be exploited remotely. The exploit is publicly available. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Jinher OA versions prior to 1.3 Description: A flaw has been found in Jinher OA up to version 1.2. The issue involves SQL injection in an unknown function within the file `/C6/Jhsoft.Web.departments/GetTreeDate.aspx`. Manipulation of the `ID` argument can trigger the injection. The attack can be launched remotely. Recommendations: Update Jinher OA to version 1.3 or later. As a temporary workaround, restrict access to the `/C6/Jhsoft.Web.departments/GetTreeDate.aspx` file. Avoid using the `ID` parameter in the affected file until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Jinher OA versions up to 1.2 Description: A vulnerability exists in Jinher OA that allows for xml external entity reference. The issue affects an unknown function of the file `/c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx/?Type=add` within the XML Handler component. Remote exploitation is possible, and the exploit has been publicly disclosed. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Jinher OA versions up to 1.2 Description: A vulnerability exists in Jinher OA that allows for XML external entity reference. The issue impacts an unknown function of the file `/c6/Jhsoft.Web.projectmanage/TaskManage/AddTask.aspx/?Type=add` within the XML Handler component. This can be exploited remotely. The exploit has been made public. Recommendations: Versions prior to 1.3 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.