Dabaizhizhu

**Name of the Vulnerable Software and Affected Versions** newbee-mall version 1.0.0 **Description** The issue allows for Server-Side Request Forgery (SSRF) via the `goodsCoverImg` parameter. **Recommendations** For version 1.0.0, avoid using the `goodsCoverImg` parameter until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MRCMS version 3.1.2 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `RID` parameter in the "/admin/article/delete.do" API endpoint. **Recommendations** For MRCMS version 3.1.2, avoid using the `RID` parameter in the "/admin/article/delete.do" API endpoint until a fix is available. As a temporary workaround, consider restricting access to the "/admin/article/delete.do" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Finesoft versions 8.0 and before **Description** A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via a crafted script. This enables the attacker to perform unauthorized actions on the affected system. **Recommendations** For versions 8.0 and before, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Finesoft versions 8.0 and before **Description** The issue allows a remote attacker to execute arbitrary code via a crafted script to the "login.jsp" parameter. This enables the attacker to perform actions such as executing arbitrary code. **Recommendations** For versions 8.0 and before, update to a version that fixes this issue, as the current version allows for the execution of arbitrary code by a remote attacker. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Shanxi Internet Chuangxiang Technology Co., Ltd version 1.0.1 **Description** The background management system has an issue that allows a remote attacker to cause a denial of service via the `index.html` component. **Recommendations** For version 1.0.1, consider restricting access to the `index.html` component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hangzhou Meisoft Information Technology Co., Ltd. FineSoft versions prior to 8.0 **Description** The issue allows remote attackers to execute arbitrary code through Cross Site Scripting (XSS). When attempting to log in with any account and password, and clicking Login, the page reports an error. A controllable parameter then appears in the URL. **Recommendations** For versions prior to 8.0, update to version 8.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation. Avoid using the vulnerable login functionality until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Shenzhen Weitillage Industrial Co., Ltd access management specialist version V6.62.51215 **Description** An issue in the access management specialist allows a remote attacker to obtain sensitive information. **Recommendations** For version V6.62.51215, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FineSoft version 8.0 **Description** A cross-site scripting (XSS) issue in the login page allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL:`errorname` parameter after a failed login attempt. **Recommendations** For FineSoft version 8.0, consider restricting access to the login page or validating user input to prevent malicious payloads from being injected into the `errorname` parameter until a fix is available.