Cyku Hong

**Name of the Vulnerable Software and Affected Versions** DrangSoft GCB/FCB Audit Software (affected versions not specified) **Description** The software contains a missing authentication issue, allowing unauthenticated remote attackers to access certain APIs. This access enables the creation of new administrative accounts. The issue concerns the ability to bypass access controls and create administrative accounts without proper authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WMPro (affected versions not specified) **Description** WMPro developed by Sunnet has an arbitrary file upload issue. Unauthenticated remote attackers can upload and execute web shell backdoors, leading to arbitrary code execution on the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WMPro (affected versions not specified) **Description** WMPro developed by Sunnet has an Arbitrary File Read issue. Unauthenticated remote attackers can exploit Relative Path Traversal to read arbitrary system files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sunnet eHRD CTMS (affected versions not specified) **Description** The eHRD CTMS software contains an arbitrary file reading issue. Remote attackers possessing administrator privileges can exploit a relative path traversal mechanism to download arbitrary system files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SmartRobot versions prior to 8.0.0 Description: The issue allows unauthenticated remote attackers to probe the internal network and access arbitrary local files on the server. This is a Server-Side Request Forgery vulnerability. Recommendations: For versions prior to 8.0.0, update to version 8.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to internal network resources and arbitrary local files on the server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** a+HRD from aEnrich Technology (affected versions not specified) **Description** The issue is related to an Insecure Deserialization vulnerability. This vulnerability allows remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** a+HRD from aEnrich Technology (affected versions not specified) **Description** The issue allows unauthenticated remote attackers to inject arbitrary SQL commands, enabling them to read, modify, and delete database contents. This is a SQL Injection vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dr.ID Access Control System from SECOM versions up to 3.6.2 **Description** The issue allows unauthenticated remote attackers to inject SQL commands, enabling them to read, modify, and delete database contents due to improper validation of a specific page parameter. **Recommendations** For versions up to 3.6.2, patch immediately to mitigate risks. As a temporary workaround, consider restricting access to the vulnerable page parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Softnext Mail SQR Expert (affected versions not specified) Softnext Mail Archiving Expert (affected versions not specified) **Description** The web services of Softnext's products do not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the remote server. **Recommendations** For Softnext Mail SQR Expert, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Softnext Mail Archiving Expert, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WinMatrix3 Web package from Simopro Technology (affected versions not specified) **Description** The query functionality lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WinMatrix3 Web package from Simopro Technology (affected versions not specified) **Description** The issue concerns the login functionality, which lacks proper validation of user input. This allows unauthenticated remote attackers to inject SQL commands, enabling them to read, modify, and delete database contents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DigiWin EasyFlow .NET (affected versions not specified) **Description** The issue concerns a lack of validation for certain input parameters in DigiWin EasyFlow .NET, allowing an unauthenticated remote attacker to inject arbitrary SQL commands. This enables the attacker to read, modify, and delete database records. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Galaxy Software Services Corporation Vitals ESP (affected versions not specified) **Description** The issue is related to insufficient filtering and validation during file upload in an online knowledge base management portal. An authenticated remote attacker with general user privilege can exploit this to upload and execute scripts onto arbitrary directories, allowing them to perform arbitrary system operations or disrupt service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ChangingTec MOTP system (affected versions not specified) **Description** The ChangingTec MOTP system has a path traversal vulnerability. A remote attacker with administrator’s privilege can exploit this vulnerability to access arbitrary system files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** aEnrich a+HRD (affected versions not specified) **Description** The issue is related to insufficient user input validation for a specific API parameter, allowing an unauthenticated remote attacker to inject arbitrary SQL commands. This can lead to unauthorized access, modification, and deletion of database content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** aEnrich a+HRD (affected versions not specified) **Description** The aEnrich a+HRD log read function has a path traversal issue. This allows an unauthenticated remote attacker to bypass authentication and download arbitrary system files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** aEnrich a+HRD (affected versions not specified) **Description** The issue is related to improper validation for the login function. An unauthenticated remote attacker can exploit this to bypass authentication and access API functions, allowing them to perform arbitrary system commands or disrupt the service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mail SQR Expert system (affected versions not specified) **Description** The issue allows an unauthenticated remote attacker to execute arbitrary PHP files with a .asp file extension under specific system paths. This can lead to accessing and modifying partial system information, although it does not affect service availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mail SQR Expert (affected versions not specified) **Description** The issue is related to insufficient filtering for special characters in a specific function of Mail SQR Expert. This allows an unauthenticated remote attacker to exploit the issue and perform arbitrary system commands, potentially disrupting the service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ASUS Control Center (affected versions not specified) **Description** The issue allows an authenticated remote attacker with general user privilege to inject SQL commands into specific API parameters. This can lead to the acquisition of the database schema or access to data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.