Alices614

**Name of the Vulnerable Software and Affected Versions** macrozheng mall versions prior to 1.0.4 **Description** Improper authorization occurs within the Super Admin Password Handler component, specifically affecting an unknown function in the '/admin/update/' file. This allows for remote exploitation through manipulation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. Upgrading to version 3.9.2 is sufficient to fix this issue. It is suggested to upgrade the affected component.

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version 3.9.2 is sufficient to resolve this issue. Upgrading the affected component is recommended.

**Name of the Vulnerable Software and Affected Versions** JeecgBoot versions prior to 3.9.2 **Description** Improper access controls exist within the AiragModelController component. A remote attacker can exploit this by manipulating the `list/queryById` argument, leading to unauthorized access. **Recommendations** Update to version 3.9.2.

A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument userIdentity results in improper access controls. The attack may be launched remotely. The exploit has been made public and could be used. Upgrading to version 3.9.2 is recommended to address this issue. The affected component should be upgraded.

**Name of the Vulnerable Software and Affected Versions** eladmin versions prior to 2.8 **Description** Improper access controls in the Users API Endpoint allow for remote attacks. The issue exists within the `checkLevel()` function located in the `/rest/UserController.java` file. **Recommendations** As a temporary workaround, restrict access to the Users API Endpoint or the `checkLevel()` function until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** yeqifu warehouse (affected versions not specified) **Description** A flaw exists due to improper access controls. This issue is related to the `deleteCache`, `removeAllCache`, and `syncCache` functions within the `CacheController.java` file, located in the `datasetreposwarehousesrcmainjavacomyeqifusyscontroller` directory. The affected component is the Cache Sync Handler. The issue can be exploited remotely, and details of the exploit have been publicly disclosed. The product operates on a rolling release basis, meaning specific version details for affected and updated releases are unavailable. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** yeqifu warehouse versions prior to aaf29962ba407d22d991781de28796ee7b4670e4 **Description** A flaw exists in the Customer Endpoint component of yeqifu warehouse. The `addCustomer`, `updateCustomer`, and `deleteCustomer` functions within the `datasetreposwarehousesrcmainjavacomyeqifubuscontrollerCustomerController.java` file are susceptible to improper access controls. Remote exploitation is possible. The exploit has been publicly disclosed. The project was notified of the issue but has not yet responded. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** yeqifu warehouse versions prior to aaf29962ba407d22d991781de28796ee7b4670e4 **Description** A security issue exists in yeqifu warehouse. A manipulation of the `addInport`, `updateInport`, or `deleteInport` functions within the `InportController.java` file, located in the `datasetreposwarehousesrcmainjavacomyeqifubuscontroller` component, can lead to improper access controls. This issue can be exploited remotely. The exploit has been publicly disclosed. The affected component is the Inport Endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** yeqifu warehouse (affected versions not specified) **Description** A security issue exists in yeqifu warehouse related to improper access controls. The issue impacts the `addSales`, `updateSales`, and `deleteSales` functions within the `SalesController.java` file located in the `datasetreposwarehousesrcmainjavacomyeqifubuscontrollerSalesController.java` component, specifically affecting the Sales Endpoint. This allows for remote exploitation. The exploit is publicly available. The project has been notified but has not yet responded. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** yeqifu warehouse (affected versions not specified) **Description** A flaw exists in the Log Info Handler component of yeqifu warehouse, specifically within the `loadAllLoginfo()`, `deleteLoginfo()`, and `batchDeleteLoginfo()` functions located in the file `datasetreposwarehousesrcmainjavacomyeqifusyscontrollerLoginfoController.java`. This issue leads to improper authorization and is exploitable remotely. The exploit has been publicly disclosed. The product does not utilize versioning, making it difficult to determine affected and unaffected releases. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** yeqifu warehouse versions prior to aaf29962ba407d22d991781de28796ee7b4670e4 **Description** A security flaw exists due to improper access controls. The issue is located in the `saveRolePermission` function within the file datasetreposwarehousesrcmainjavacomyeqifusyscontrollerRoleController.java of the Role-Permission Binding Handler component. This flaw allows for remote attacks, and an exploit has been publicly released. The project has been notified but has not yet responded. **Recommendations** Update to version aaf29962ba407d22d991781de28796ee7b4670e4 or later.

**Name of the Vulnerable Software and Affected Versions** yeqifu warehouse versions prior to aaf29962ba407d22d991781de28796ee7b4670e4 **Description** A weakness exists due to improper authorization within the User Management Endpoint component. The issue is related to the `addUser`, `updateUser`, and `deleteUser` functions located in the file datasetreposwarehousesrcmainjavacomyeqifusyscontrollerUserController.java. The attack can be initiated remotely, and the exploit has been publicly released. Continuous delivery with rolling releases is utilized, meaning specific version details for affected or updated releases are unavailable. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** yeqifu warehouse (affected versions not specified) **Description** A security issue exists in yeqifu warehouse related to improper authorization. The issue is present in the `addRole`, `updateRole`, and `deleteRole` functions within the `RoleController.java` file located in the `datasetreposwarehousesrcmainjavacomyeqifusyscontroller` directory, part of the Role Management Handler component. The exploit for this issue has been publicly disclosed and may be used to launch remote attacks. The project maintainers were notified of the problem but have not yet responded. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** yeqifu warehouse (affected versions not specified) **Description** A security issue exists in yeqifu warehouse related to improper authorization. The issue is located within the Permission Management component, specifically in the `addPermission()`, `updatePermission()`, and `deletePermission()` functions of the file datasetreposwarehousesrcmainjavacomyeqifusyscontrollerPermissionController.java. The attack can be initiated remotely and the exploit is publicly available. The product utilizes a rolling release model, meaning specific version information for affected or updated releases is not available. The project was notified of the issue but has not yet responded. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** yeqifu warehouse (affected versions not specified) **Description** A flaw exists that can lead to improper authorization. The issue affects the `addMenu()`, `updateMenu()`, and `deleteMenu()` functions within the `MenuController.java` file located in the `datasetreposwarehousesrcmainjavacomyeqifusyscontroller` directory, specifically related to the Menu Management component. The product operates on a rolling release basis, meaning there are no specific version details for affected or updated releases. The exploit has been published. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** yeqifu warehouse versions prior to aaf29962ba407d22d991781de28796ee7b4670e4 **Description** A flaw exists due to improper authorization within the Department Management component. The issue resides in the `addDept()`, `updateDept()`, and `deleteDept()` functions located in the file datasetreposwarehousesrcmainjavacomyeqifusyscontrollerDeptController.java. This allows for remote exploitation. The project has been notified of the issue but has not yet responded. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** yeqifu warehouse versions prior to aaf29962ba407d22d991781de28796ee7b4670e4 **Description** A flaw exists within the Notice Management component of yeqifu warehouse, specifically in the `addNotice()`, `updateNotice()`, `deleteNotice()`, and `batchDeleteNotice()` functions located in the file datasetreposwarehousesrcmainjavacomyeqifusyscontrollerNoticeController.java. This issue results in improper authorization and can be exploited remotely. The exploit details have been publicly disclosed. The product utilizes continuous delivery with rolling releases, and the project maintainers have been notified but have not yet responded. **Recommendations** Apply updates to yeqifu warehouse beyond aaf29962ba407d22d991781de28796ee7b4670e4. As a temporary workaround, restrict access to the `addNotice()`, `updateNotice()`, `deleteNotice()`, and `batchDeleteNotice()` functions.

**Name of the Vulnerable Software and Affected Versions** Sanluan PublicCMS versions 4.0.202506.d through 6.202506.d **Description** A security issue exists in Sanluan PublicCMS related to improper authorization. The `Paid` function within the `TradePaymentService.java` file, located at `publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java`, is affected. Manipulation of the `paymentId` argument can lead to unauthorized access. The attack can be initiated remotely and requires a high level of complexity, making exploitation difficult. The details of the exploit have been publicly disclosed. **Recommendations** Apply a patch with identifier 7329437e1288540336b1c66c114ed3363adcba02 to resolve this issue.