Congsec

**Name of the Vulnerable Software and Affected Versions** SiYuan versions prior to 3.6.2 **Description** The SiYuan personal knowledge management system prior to version 3.6.2 had a flaw where document IDs were retrieved via the `/api/file/readDir` interface, and then the `/api/block/getChildBlocks` interface was used to view the content of all documents. This allowed unauthorized access to potentially encrypted or prohibited documents under the publishing service. The `/api/block/getChildBlocks` **API Endpoint** is used to retrieve document content, taking the `id` **variable** as input. **Recommendations** Versions prior to 3.6.2 should be updated to version 3.6.2 or later.

**Name of the Vulnerable Software and Affected Versions** SiYuan versions prior to 3.6.2 **Description** SiYuan, a personal knowledge management system, contains a directory traversal issue in the `/api/file/readDir` interface. This interface was used to retrieve file names under a notebook without proper authorization. An attacker could exploit this to traverse the directory structure and potentially read arbitrary documents. The vulnerability exists due to insufficient restrictions on file access through the API endpoint. The `/api/file/readDir` API endpoint accepts a `path` variable that is not adequately validated, allowing for directory traversal. **Recommendations** Versions prior to 3.6.2 should be updated to version 3.6.2 or later.

**Name of the Vulnerable Software and Affected Versions** EasyImages versions 2.0 through 2.8.6 **Description** A flaw exists in the /admin/manager.php component that allows for arbitrary file renaming. An attacker can exploit this to execute arbitrary code by renaming a PHP file to an SVG format. **Recommendations** Update EasyImages to a version later than 2.8.6.