Bi8Bu

Name of the Vulnerable Software and Affected Versions: YiJiuSmile kkFileViewOfficeEdit versions up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd Description: A critical issue exists in the `deleteFile` function located at `/deleteFile`. Manipulation of the `fileName` argument can lead to path traversal, allowing for remote exploitation. The exploit has been publicly disclosed. This product utilizes a rolling release model, and specific version details for affected and updated releases are unavailable. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: YiJiuSmile kkFileViewOfficeEdit (affected versions not specified) Description: A critical issue exists in the `fileUpload` function of the `/fileUpload` endpoint, allowing for unrestricted file uploads. The `File` argument can be manipulated to achieve this. This issue may be exploited remotely, and the exploit has been publicly disclosed. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: YiJiuSmile kkFileViewOfficeEdit (affected versions not specified) Description: A critical issue exists in the `Download` function of the `/download` API endpoint in YiJiuSmile kkFileViewOfficeEdit. Manipulation of the `url` argument can lead to a path traversal. This issue is remotely exploitable, and details about the exploit have been publicly disclosed. Continuous delivery with rolling releases is used, and no specific version details for affected or updated releases are available. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: YiJiuSmile kkFileViewOfficeEdit (affected versions not specified) Description: A critical issue exists in the `onlinePreview` function of the `/onlinePreview` file. Manipulation of the `url` argument can lead to path traversal, allowing for remote attacks. The exploit for this issue has been publicly disclosed. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: JoeyBling SpringBoot MyBatisPlus versions prior to a6a825513bd688f717dbae3a196bc9c9622fea26 Description: A critical vulnerability exists in the `SysFileController` function located at `/file/upload` within JoeyBling SpringBoot MyBatisPlus. Manipulation of the `portraitFile` argument allows for unrestricted file upload, enabling remote exploitation. The exploit has been publicly disclosed. Recommendations: Update JoeyBling SpringBoot MyBatisPlus to a version beyond a6a825513bd688f717dbae3a196bc9c9622fea26. As a temporary workaround, restrict access to the `/file/upload` endpoint. Avoid using the `portraitFile` parameter in the `/file/upload` endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: JoeyBling SpringBoot MyBatisPlus versions up to a6a825513bd688f717dbae3a196bc9c9622fea26 Description: A critical vulnerability exists in the Download function of the `/file/download` endpoint. Manipulation of the `Name` argument allows for path traversal. This issue can be exploited remotely, and the exploit has been publicly disclosed. Continuous delivery with rolling releases is used, and no specific version details for affected or updated releases are available. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/file/download` endpoint. Sanitize the `Name` argument to prevent path traversal attempts.

Name of the Vulnerable Software and Affected Versions: sfturing hosp order up to 627f426331da8086ce8fff2017d65b1ddef384f8 Description: A critical vulnerability has been found in the affected software. The issue is related to the `findAllHosByCondition` function in the `HospitalServiceImpl.java` file, where the manipulation of the `hospitalName` argument leads to SQL injection. This can be exploited remotely. Recommendations: As a temporary workaround, consider restricting the input for the `hospitalName` argument in the `findAllHosByCondition` function to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: huija bicycleSharingServer up to 7b8a3ba48ad618604abd4797d2e7cf3b5ac7625a Description: A critical vulnerability has been found in the huija bicycleSharingServer, affecting the function `userDao.selectUserByUserNameLike` of the file `UserServiceImpl.java`. The manipulation of the argument `Username` leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery, and therefore, no version details for affected nor updated releases are available. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the `userDao.selectUserByUserNameLike` function until a patch is available. Restrict access to the `UserServiceImpl.java` file to minimize the risk of exploitation. Avoid using the `Username` argument in the affected function until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: huija bicycleSharingServer (affected versions not specified) Description: A critical vulnerability was found in the huija bicycleSharingServer, affecting the `searchAdminMessageShow` function of the `AdminController.java` file. The manipulation of the `Title` argument leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: huija bicycleSharingServer version 1.0 Description: A critical issue affects the `selectAdminByNameLike` function of the `AdminController.java` file, leading to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Recommendations: As a temporary workaround, consider disabling the `selectAdminByNameLike` function until a patch is available. Restrict access to the `AdminController.java` file to minimize the risk of exploitation. Avoid using the `AdminController.java` file in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: sfturing hosp order versions up to 627f426331da8086ce8fff2017d65b1ddef384f8 Description: A critical issue was found in the `getOfficeName` function of the `OfficeServiceImpl.java` file, which is vulnerable to SQL injection through the manipulation of the `officesName` argument. This issue can be exploited remotely. Recommendations: For versions up to 627f426331da8086ce8fff2017d65b1ddef384f8, as a temporary workaround, consider restricting the use of the `getOfficeName` function until a fix is available. Additionally, avoid using the `officesName` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: sfturing hosp order versions up to 627f426331da8086ce8fff2017d65b1ddef384f8 Description: A critical issue affects the `findDoctorByCondition` function of the `DoctorServiceImpl.java` file. The manipulation of the `hospitalName` argument leads to SQL injection. The attack may be initiated remotely. Recommendations: For versions up to 627f426331da8086ce8fff2017d65b1ddef384f8, as a temporary workaround, consider disabling the `findDoctorByCondition` function until a fix is available. Restrict access to the `hospitalName` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JAdmin-JAVA JAdmin version 1.0 **Description** A vulnerability has been found in JAdmin-JAVA, affecting an unknown functionality of the file "/memoAjax/save". The manipulation of the `ID` argument leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For JAdmin-JAVA JAdmin version 1.0, as a temporary workaround, consider restricting access to the "/memoAjax/save" endpoint until a patch is available. Avoid using the `ID` argument in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JAdmin-JAVA JAdmin version 1.0 **Description** A critical vulnerability was found in the function `toLogin` of the file NoNeedLoginController.java of the component Admin Backend. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling the `toLogin` function until a patch is available. Restrict access to the Admin Backend component to minimize the risk of exploitation. Avoid using the `NoNeedLoginController.java` file in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.