Ctrlcct

**Name of the Vulnerable Software and Affected Versions** ModStartCMS version 9.5.0 **Description** ModStartCMS version 9.5.0 contains an arbitrary file write issue. This allows attackers to write malicious files and execute malicious commands, potentially leading to the compromise of sensitive data on the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SSCMS version 7.3.1 **Description** An issue in the `/stl/actions/download?filePath` component of SSCMS allows attackers to execute a directory traversal. **Recommendations** Apply any available updates to address the directory traversal issue in the `/stl/actions/download?filePath` component. As a temporary workaround, restrict access to the `/stl/actions/download?filePath` endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ZKEACMS version 4.1 **Description** An arbitrary file upload vulnerability exists in ZKEACMS version 4.1, allowing attackers to execute arbitrary code by uploading a crafted file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.