Ana10Gy

**Name of the Vulnerable Software and Affected Versions** jishenghua jshERP versions prior to 3.7 **Description** A server-side request forgery (SSRF) exists in the platformConfig Add Endpoint. A remote attacker can manipulate the `platformValue` argument within the `insertPlatformConfig()` function of the `jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfigService.java` file to trigger the issue. SSRF is a flaw that allows an attacker to induce the server-side application to make requests to an unintended location. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `insertPlatformConfig()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** jishenghua jshERP versions prior to 3.7 **Description** A path traversal issue exists in the 'addAccountHeadAndDetail' endpoint. This occurs within the `addAccountHeadAndDetail()` function located in the `jshERP-boot/src/main/java/com/jsh/erp/service/AccountHeadService.java` file. A remote attacker can manipulate the `fileName` argument to access files and directories outside the intended folder. Path traversal is a technique that allows an attacker to read arbitrary files on the server by manipulating file paths. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the 'addAccountHeadAndDetail' endpoint or avoid using the `fileName` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** elunez eladmin versions prior to 2.8 **Description** A command injection issue exists within the Application Deployment Module in the `App.java` file. This occurs when the `uploadPath` argument is manipulated, allowing for remote exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JeecgBoot versions prior to 3.9.3 **Description** A server-side request forgery (SSRF) issue exists in an unknown function within the file `/airag/airagModel/test`. This occurs when the `baseUrl` argument is manipulated, allowing a remote attacker to induce the server to make unintended requests. **Recommendations** Update to a version newer than 3.9.2. As a temporary workaround, restrict access to the file `/airag/airagModel/test` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** jeecgboot versions prior to 3.9.2 **Description** A remote server-side request forgery (SSRF) exists in the Cloud Instance Metadata Endpoint component. The issue occurs within the `FileDownloadUtils.download2DiskFromNet()` function located in the `/airag/app/debug` file, where improper manipulation of processed URLs allows an attacker to induce the server to make unintended requests. **Recommendations** Upgrade to version 3.9.2.

**Name of the Vulnerable Software and Affected Versions** JeecgBoot versions prior to 3.9.3 **Description** A server-side request forgery (SSRF) issue exists in the `WordUtil.addImage()` function within the `/airag/word/edit` file. This flaw allows a remote attacker to execute a manipulation that triggers the server to make unauthorized requests. **Recommendations** As a temporary workaround, restrict access to the `WordUtil.addImage()` function until a patch is available.

A security vulnerability has been detected in jishenghua jshERP up to 3.6. This affects the function getUserByWeixinCode of the file jshERP-boot/src/main/java/com/jsh/erp/service/UserService.java of the component updatePlatformConfigByKey Endpoint. Such manipulation of the argument weixinUrl leads to server-side request forgery. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

**Name of the Vulnerable Software and Affected Versions** JeecgBoot versions prior to 3.9.1 **Description** Improper authorization exists in the FillRuleUtil Component within the '/sys/fillRule/edit' endpoint. A remote attacker can manipulate the `ruleClass` argument to bypass authorization controls. **Recommendations** Upgrade the affected component to a version containing the fix. As a temporary workaround, restrict access to the '/sys/fillRule/edit' endpoint or avoid using the `ruleClass` argument until the update is applied.

**Name of the Vulnerable Software and Affected Versions** JeecgBoot versions prior to 3.9.2 **Description** A server-side request forgery (SSRF) exists in the 'LoadFile' endpoint. The issue occurs within the `checkPathTraversalBatch()` function of the `FileDownloadUtils.jav` file due to improper manipulation of the `files` argument, allowing a remote attacker to initiate the attack. **Recommendations** Upgrade the affected component to a version later than 3.9.1. As a temporary workaround, restrict access to the 'LoadFile' endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** JeecgBoot versions prior to 3.9.2 **Description** An issue in the OpenApi Service component allows remote attackers to perform server-side request forgery (SSRF), a flaw where the server is coerced into making unintended requests. This occurs through the manipulation of the `originUrl` argument within the 'OpenApiController.add' and 'OpenApiController.call' functions of the `OpenApiController.java` file. **Recommendations** Upgrade the affected component to a version that contains the fix. As a temporary workaround, restrict access to the 'OpenApiController.add' and 'OpenApiController.call' functions.

**Name of the Vulnerable Software and Affected Versions** JeecgBoot versions prior to 3.9.2 **Description** A flaw in the `uploadImgByHttpEndpoint` component allows for remote server-side request forgery (SSRF), which occurs when a server is tricked into making unauthorized requests to internal or external resources. This issue affects the functions `CommonController.uploadImgByHttp()`, `HttpFileToMultipartFileUtil.httpFileToMultipartFile()`, and `HttpFileToMultipartFileUtil.downloadImageData()` within the `CommonController.java` file. **Recommendations** Upgrade to the upcoming release containing the fix. As a temporary workaround, restrict access to the `CommonController.uploadImgByHttp()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** 1Panel-dev MaxKB versions prior to 2.5.0 **Description** An issue exists in the MdPreview component within the file 'ui/src/chat.ts'. This flaw allows a remote attacker to perform cross site scripting (XSS), which is a technique where malicious scripts are injected into trusted websites. **Recommendations** Upgrade to version 2.5.0.

Name of the Vulnerable Software and Affected Versions 1Panel-dev MaxKB versions up to 2.6.1 Description A vulnerability exists in the `execute` function within the file `apps/application/flow/step node/mcp node/impl/base mcp node.py` of the Model Context Protocol Node component. Manipulation of this function can lead to operating system command injection, potentially allowing remote attackers to execute arbitrary commands. The exploit has been publicly disclosed. Recommendations Upgrade the affected component to a fixed version.

Name of the Vulnerable Software and Affected Versions 1Panel-dev MaxKB versions up to 2.6.1 Description A flaw exists in the processing of the file `apps/common/middleware/chat headers middleware.py` within the ChatHeadersMiddleware component. Manipulation of the `Name` argument can lead to cross site scripting. Remote exploitation is possible. Recommendations Upgrade to version 2.8.0 to address this issue.

**Name of the Vulnerable Software and Affected Versions** 1Panel-dev MaxKB versions up to 2.2.1 **Description** A cross-site scripting issue exists due to the manipulation of the `Name` argument within the `StaticHeadersMiddleware` function located in the `apps/common/middleware/static headers middleware.py` file of the Public Chat Interface component. The attack can be launched remotely. **Recommendations** Upgrade to version 2.8.0.

Name of the Vulnerable Software and Affected Versions FedML-AI FedML versions up to 0.8.9 Description A security flaw exists in FedML-AI FedML up to version 0.8.9, specifically within the MQTT Message Handler component. Manipulation of the `dataSet` argument in an unknown function of the file FileUtils.java leads to a path traversal vulnerability. This can be exploited remotely. The exploit has been publicly released. Recommendations Versions prior to 0.8.9 should be used.

Name of the Vulnerable Software and Affected Versions QingdaoU OnlineJudge versions up to 1.6.1 Description A server-side request forgery condition exists in the `JudgeServer.service url` function of the `judge server heartbeat` endpoint within QingdaoU OnlineJudge. This manipulation can be exploited remotely. The vendor was contacted but did not respond. Recommendations Update QingdaoU OnlineJudge to a version later than 1.6.1.

Name of the Vulnerable Software and Affected Versions FedML-AI FedML versions up to 0.8.9 Description A weakness exists in the gRPC server component of FedML-AI FedML, specifically within the `sendMessage` function of the `grpc server.py` file. This allows for deserialization, potentially triggered remotely. The vendor was contacted but did not respond. Recommendations Update to a version beyond 0.8.9.

**Name of the Vulnerable Software and Affected Versions** CodePhiliaX Chat2DB versions up to 0.3.7 **Description** A flaw exists in CodePhiliaX Chat2DB that allows for SQL injection. This issue affects the `exportTable`, `exportTableColumnComment`, `exportView`, `exportProcedure`, `exportTriggers`, `exportTrigger`, and `updateProcedure` functions within the `DMDBManage.java` file of the Database Export Handler component. The attack can be initiated remotely. An exploit for this issue is publicly available. **Recommendations** Versions prior to 0.3.7 should be updated. As a temporary workaround, consider restricting access to the `DMDBManage.java` file or disabling the affected functions (`exportTable`, `exportTableColumnComment`, `exportView`, `exportProcedure`, `exportTriggers`, `exportTrigger`, and `updateProcedure`) until a patch is available.

**Name of the Vulnerable Software and Affected Versions** CodeGenieApp serverless-express versions through 4.17.1 **Description** A security issue exists in CodeGenieApp serverless-express up to version 4.17.1. The issue affects functionality within the file examples/lambda-function-url/packages/api/models/TodoList.ts of the API Endpoint component. Manipulation of the `userId` argument can lead to authorization bypass, and the attack can be carried out remotely. The exploit has been publicly disclosed. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** Versions prior to 4.17.1 are recommended.