D3Do

Name of the Vulnerable Software and Affected Versions: binary-husky gpt academic versions up to 3.91 Description: A path traversal issue exists in the LaTeX File Handler component of binary-husky gpt academic. The `merge tex files ` function within the `crazy functions/latex fns/latex toolbox.py` file is susceptible to manipulation of the `input{}` argument, potentially allowing for path traversal. The exploit has been publicly disclosed. The vendor was contacted but did not respond. Recommendations: Versions prior to 3.91 should be used.

**Name of the Vulnerable Software and Affected Versions** leiyuxi cy-fast version 1.0 **Description** A critical vulnerability was found in the function `listData` of the file `/sys/role/listData`. The manipulation of the argument order leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For leiyuxi cy-fast version 1.0, as a temporary workaround, consider disabling the `listData` function until a patch is available. Restrict access to the `/sys/role/listData` file to minimize the risk of exploitation. Avoid using the vulnerable function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** leiyuxi cy-fast version 1.0 **Description** A critical issue has been found in the function `listData` of the file `/sys/user/listData`. The manipulation of the argument order leads to SQL injection. This issue can be exploited remotely. **Recommendations** For leiyuxi cy-fast version 1.0, as a temporary workaround, consider disabling the `listData` function until a patch is available. Restrict access to the `/sys/user/listData` file to minimize the risk of exploitation. Avoid using the vulnerable function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** leiyuxi cy-fast version 1.0 **Description** A critical issue has been found in the listData function of the /commpara/listData file. The manipulation of the argument order leads to SQL injection. This issue can be exploited remotely. **Recommendations** For leiyuxi cy-fast version 1.0, as a temporary workaround, consider disabling the listData function in the /commpara/listData file until a patch is available. Restrict access to the /commpara/listData file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** leiyuxi cy-fast version 1.0 **Description** A critical issue affects the `listData` function of the file `/sys/menu/listData`. The manipulation of the argument order leads to SQL injection. The attack may be launched remotely. **Recommendations** For leiyuxi cy-fast version 1.0, as a temporary workaround, consider disabling the `listData` function until a patch is available. Restrict access to the `/sys/menu/listData` file to minimize the risk of exploitation. Avoid using the vulnerable function to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.