Bo Wang

**Name of the Vulnerable Software and Affected Versions** Cockpit versions 0.4.4 through 0.5.5 **Description** The issue allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts. This is due to an incomplete fix for a previous issue, which was related to version 0.13.0, an earlier version than the affected ones. The /assets/lib/fuc.js.php endpoint is vulnerable, specifically the `url` parameter. **Recommendations** For Cockpit versions 0.4.4 through 0.5.5, consider restricting access to the /assets/lib/fuc.js.php endpoint to minimize the risk of exploitation. Avoid using the `url` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tp-shop versions 2.0.5 through 2.0.8 **Description** A web-accessible backdoor exists, allowing remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution. This issue is related to the `/vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php` endpoint, which writes data from the `down url` URL into the `bddlj` local file if the attacker knows the backdoor `jmmy` parameter. **Recommendations** For Tp-shop versions 2.0.5 through 2.0.8, consider restricting access to the `/vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php` endpoint to minimize the risk of exploitation. Avoid using the `jmmy` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Onethink versions V1.0 through V1.1 Description: The issue allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution. This is achieved through a Server Side Request Forgery (SSRF) in the getRemoteImage.php file in Ueditor, utilizing the `upfile` parameter. Recommendations: For Onethink versions V1.0 through V1.1, consider restricting access to the getRemoteImage.php file or disabling the `upfile` parameter to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Cockpit version 0.13.0 Description: The issue allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts. This is related to the use of the discontinued aheinze/fetch url contents component, specifically via the `url` parameter. Recommendations: For Cockpit version 0.13.0, consider restricting access to the affected component until a patch is available. Avoid using the `url` parameter in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: tpshop versions 2.0.5 through 2.0.6 Description: The issue allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution. This is achieved via the `fBill` parameter in the `plugins/payment/weixin/lib/WxPay.tedatac.php` file. Recommendations: For tpshop versions 2.0.5 and 2.0.6, consider restricting access to the `plugins/payment/weixin/lib/WxPay.tedatac.php` file to minimize the risk of exploitation. Avoid using the `fBill` parameter in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.