Cai-Niao98

**Name of the Vulnerable Software and Affected Versions** Siyucms version 6.1.7 **Description** The issue is related to a remote code execution (RCE) vulnerability in the background of Siyucms, a content management system based on ThinkPaP5 AdminLTE. This vulnerability can be exploited by attackers to gain server privileges. It is specifically a background command execution vulnerability. **Recommendations** For Siyucms version 6.1.7, consider restricting access to the background command execution functionality until a patch is available. As a temporary workaround, disabling the vulnerable command execution feature in the background can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 6.1.9 **Description** A Cross-Site Request Forgery (CSRF) issue was discovered, allowing attackers to add Administrator accounts arbitrarily and modify Admin passwords. **Recommendations** For DedeCMS version 6.1.9, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Lin-CMS version 0.2.1 **Description** An authentication bypass in Lin-CMS allows attackers to escalate privileges to Super Administrator. **Recommendations** For Lin-CMS version 0.2.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.