Anch0R

**Name of the Vulnerable Software and Affected Versions** DTStack Taier versions prior to 1.4.0 **Description** An issue in the Source Connection Test Endpoint allows remote attackers to perform manipulations leading to improper authentication. The flaw exists within the `preHandle()` function located in the `taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java` file. **Recommendations** Apply patch f95389e7f74acec42bcee079a616aaa06f9551d2 to versions prior to 1.4.0.

A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used. The patch is named cd68d102601320bd319d590b75f7652e66f0685f. It is recommended to apply a patch to fix this issue.

**Name of the Vulnerable Software and Affected Versions** funadmin versions prior to 7.1.0-rc6 **Description** A flaw in the Frontend Chunked Upload Endpoint allows remote attackers to perform unrestricted file uploads. This issue occurs within the `chunkUpload()` function of the `app/common/service/UploadService.php` file due to improper handling of the `File` argument. **Recommendations** Deploy patch 59 to resolve the issue for versions prior to 7.1.0-rc6. As a temporary workaround, restrict access to the `chunkUpload()` function until the patch is applied.

**Name of the Vulnerable Software and Affected Versions** innocommerce InnoShop versions prior to 0.7.9 **Description** Improper authentication exists in the Installation Endpoint. The issue is located in the `boot()` function of the `InstallServiceProvider` class within the `innopacks/install/src/InstallServiceProvider.php` file. This flaw allows for remote exploitation. **Recommendations** Apply the patch identified as 45758e4ec22451ab944ae2ae826b1e70f6450dc9 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** EyouCMS versions prior to 1.8.0 **Description** A weakness in the Template File Handler component allows for remote code injection. The issue exists within the `editFile()` function located in the `application/admin/logic/FilemanagerLogic.php` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `editFile()` function in the `application/admin/logic/FilemanagerLogic.php` file.

**Name of the Vulnerable Software and Affected Versions** EyouCMS versions prior to 1.8.0 **Description** A remote SQL injection can occur due to the manipulation of the `sort asc` argument within the `GetSortData()` function located in the application/common.php file. SQL injection is a type of flaw that allows an attacker to interfere with the queries that an application makes to its database. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `GetSortData()` function in the application/common.php file.

**Name of the Vulnerable Software and Affected Versions** Wooey versions prior to 0.13.3rc1 **Description** An issue in the API Endpoint component allows for improper authorization via remote manipulation. The flaw exists within the `add or update script()` function located in the `wooey/api/scripts.py` file. **Recommendations** Upgrade to version 0.13.3rc1 or 0.14.0. As a temporary workaround, restrict access to the `add or update script()` function until the update is applied.

**Name of the Vulnerable Software and Affected Versions** liyupi yu-picture versions prior to a053632c41340152bf75b66b3c543d129123d8ec **Description** Remote SQL injection is possible via the `sortField` argument in the `PageRequest()` function within the MyBatis-Plus component of the `yu-picture-backend/src/main/java/com/yupi/yupicturebackend/service/impl/PictureServiceImpl.java` file. SQL injection is a technique where an attacker inserts malicious SQL code into a query, allowing them to manipulate the database. **Recommendations** Apply the available patch to resolve the issue. As a temporary workaround, restrict or validate the input of the `sortField` argument used in the `PageRequest()` function.

**Name of the Vulnerable Software and Affected Versions** Datavane Datavines versions prior to e540d6dc04e2e6ad11907fb655f3728a13e7b939 **Description** An issue exists in the JWT Token Handler component within the file `datavines-core/src/main/java/io/datavines/core/utils/TokenManager.java`. Manipulation of the `tokenSecret` argument can lead to the use of a hard-coded cryptographic key. This flaw allows for remote execution, although it requires a high level of complexity and is difficult to exploit. **Recommendations** Apply patch e540d6dc04e2e6ad11907fb655f3728a13e7b939.

Name of the Vulnerable Software and Affected Versions Dromara warm-flow versions up to 1.8.4 Description A security flaw exists in Dromara warm-flow up to version 1.8.4. The issue resides in the `SpelHelper.parseExpression` function within the `/warm-flow/save-json` file of the Workflow Definition Handler component. Manipulation of the `listenerPath`, `skipCondition`, and `permissionFlag` arguments can lead to code injection. The attack can be performed remotely, and an exploit has been publicly released. Recommendations Update to a version later than 1.8.4.

Name of the Vulnerable Software and Affected Versions Sanluan PublicCMS versions prior to 6.202506.d Description A security issue exists in Sanluan PublicCMS. The `AbstractFreemarkerView.doRender` function within the file publiccms-parent/publiccms-core/src/main/java/com/publiccms/common/base/AbstractFreemarkerView.java, related to the FreeMarker Template Handler component, suffers from improper neutralization of special elements used in a template engine. This allows for remote exploitation. The exploit has been publicly disclosed. Recommendations Update to a version later than 6.202506.d.

Name of the Vulnerable Software and Affected Versions jeecgboot JimuReport versions up to 2.3.0 Description A code injection issue exists in the Data Source Handler component of jeecgboot JimuReport, specifically within the `DriverManager.getConnection` function located in the `/drag/onlDragDataSource/testConnection` file. Manipulation of the `dbUrl` argument can lead to code injection. The attack can be initiated remotely, and the exploit has been made public. The vendor has confirmed the issue and plans to release a fix in a future version. Recommendations Versions prior to 2.3.0 should be used. As a temporary workaround, consider restricting access to the Data Source Handler component or disabling the affected function until a patch is available.

Name of the Vulnerable Software and Affected Versions PowerJob versions 5.1.0 through 5.1.2 Description A security flaw exists in PowerJob versions 5.1.0 through 5.1.2. The issue is related to code injection resulting from the manipulation of the `nodeParams` argument within the `GroovyEvaluator.evaluate` function located in the `/openApi/addWorkflowNode` file of the OpenAPI Endpoint component. This attack can be executed remotely. Recommendations Update to a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions PowerJob versions 5.1.0 through 5.1.2 Description A SQL injection issue exists due to the manipulation of the `customQuery` argument within an unknown function in the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the detailPlus endpoint. Remote exploitation is possible. Recommendations Update to a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions JeecgBoot versions 3.9.0 through 3.9.1 Description A security issue exists in JeecgBoot versions 3.9.0 and 3.9.1 related to missing authentication within the AI Chat Module. The issue is located in an unknown function within the file `jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/airag/JeecgBizToolsProvider.java`. This allows for remote exploitation. Recommendations Apply the patch b7c9aeba7aefda9e008ea8fe4fc3daf08d0c5b39/2c1cc88b8d983868df8c520a343d6ff4369d9e59 to resolve this issue.