Dee.Mirage

**Name of the Vulnerable Software and Affected Versions** vion707 DMadmin versions prior to 3403cafdb42537a648c30bf8cbc8148ec60437d1 **Description** A cross-site scripting issue exists in vion707 DMadmin. The issue is located in the `Add` function of the `Admin/Controller/AddonsController.class.php` file within the Backend component. Remote manipulation can trigger the issue. The exploit has been publicly disclosed. **Recommendations** Update vion707 DMadmin to version 3403cafdb42537a648c30bf8cbc8148ec60437d1 or later. As a temporary workaround, consider restricting access to the `Add` function within the `Admin/Controller/AddonsController.class.php` file.

**Name of the Vulnerable Software and Affected Versions** 07FLYCMS versions up to 1.2.0 07FLY-CMS versions up to 1.2.0 07FlyCRM versions up to 1.2.0 **Description** A critical vulnerability was found in the affected products, which affects the `pictureUpload` function of the file `/admin/File/pictureUpload`. The manipulation of the `file` argument leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For 07FLYCMS versions up to 1.2.0, consider disabling the `pictureUpload` function until a patch is available. For 07FLY-CMS versions up to 1.2.0, restrict access to the `/admin/File/pictureUpload` file to minimize the risk of exploitation. For 07FlyCRM versions up to 1.2.0, avoid using the `file` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 07FLYCMS versions up to 1.2.0 07FLY-CMS versions up to 1.2.0 07FlyCRM versions up to 1.2.0 **Description** A critical vulnerability has been found in the affected products, affecting the `fileUpload` function of the file `/admin/File/fileUpload`. The manipulation of the `file` argument leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For 07FLYCMS versions up to 1.2.0, consider disabling the `fileUpload` function in the `/admin/File/fileUpload` file until a patch is available. For 07FLY-CMS versions up to 1.2.0, restrict access to the `/admin/File/fileUpload` endpoint to minimize the risk of exploitation. For 07FlyCRM versions up to 1.2.0, avoid using the `file` argument in the `fileUpload` function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DedeBIZ version 6.3.0 **Description** A critical vulnerability was found in DedeBIZ, affecting an unknown functionality of the file admin/media add.php of the component File Extension Handler. The manipulation of the argument `upfile1` leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** Update to version 6.3.1 to fix the vulnerability. As a temporary workaround, consider restricting access to the `admin/media add.php` file and validating file extensions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** DedeBIZ version 6.3.0 **Description** A critical vulnerability has been found in DedeBIZ, affecting the `AdminUpload` function of the file `admin/archives do.php`. The manipulation of the argument `litpic` leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For DedeBIZ version 6.3.0, as a temporary workaround, consider disabling the `AdminUpload` function until a patch is available. Restrict access to the `admin/archives do.php` file to minimize the risk of exploitation. Avoid using the argument `litpic` in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DedeBIZ version 6.3.0 **Description** A critical vulnerability was found in DedeBIZ, affecting the function `get mime type` of the file `/admin/dialog/select images post.php` in the component Attachment Settings. The manipulation of the argument `upload` leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** As a temporary workaround, consider disabling the `get mime type` function in the `/admin/dialog/select images post.php` file until a patch is available. Restrict access to the Attachment Settings component to minimize the risk of exploitation. Avoid using the `upload` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DedeBIZ version 6.3.0 **Description** A critical issue was found in DedeBIZ, affecting some unknown functionality of the file admin/file manage control.php of the component File Extension Handler. The manipulation of the `upfile1` argument leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For DedeBIZ version 6.3.0, update to version 6.3.1 as soon as possible to stay secure. As a temporary workaround, consider restricting access to the `admin/file manage control.php` file and the `upfile1` argument to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** xiaohe4966 TpMeCMS version 1.3.3.2 **Description** A problematic vulnerability was found in the Basic Configuration Handler component of xiaohe4966 TpMeCMS. The issue affects an unknown function of the file /h.php/general/config?ref=addtabs. The manipulation of the `Site Name`, `Beian`, `Contact address`, `copyright`, and `technical support` arguments leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For xiaohe4966 TpMeCMS version 1.3.3.2, as a temporary workaround, consider restricting access to the /h.php/general/config?ref=addtabs endpoint until a patch is available. Avoid using the `Site Name`, `Beian`, `Contact address`, `copyright`, and `technical support` arguments in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** InnoCMS version 0.3.1 **Description** A critical issue has been found in the Backend component, specifically affecting the file "/panel/pages/1/edit". This issue leads to code injection and can be initiated remotely. The vendor was contacted about this disclosure but did not respond. **Recommendations** For InnoCMS version 0.3.1, as a temporary workaround, consider restricting access to the "/panel/pages/1/edit" file of the Backend component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** wanglongcn ltcms version 1.0.20 **Description** A critical issue has been found, affecting the `multiDownload` function of the `/api/file/multiDownload` API Endpoint. The manipulation of the `file` argument leads to server-side request forgery, allowing for remote attacks. The exploit has been publicly disclosed, and the vendor was contacted but did not respond. **Recommendations** For version 1.0.20, consider disabling the `multiDownload` function of the `/api/file/multiDownload` API Endpoint as a temporary workaround until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the `file` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** wanglongcn ltcms version 1.0.20 **Description** A critical issue affects the `downloadFile` function of the `/api/file/downloadfile` API Endpoint, where manipulation of the `file` argument leads to path traversal. This issue can be initiated remotely. The exploit has been disclosed publicly, and the vendor was contacted but did not respond. **Recommendations** For version 1.0.20, consider disabling the `downloadFile` function until a patch is available. Restrict access to the `/api/file/downloadfile` API Endpoint to minimize the risk of exploitation. Avoid using the `file` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** wanglongcn ltcms version 1.0.20 **Description** A critical issue has been found, affecting the `downloadUrl` function of the `/api/file/downloadUrl` API Endpoint. The manipulation of the `file` argument leads to server-side request forgery, which can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted about this disclosure but did not respond. **Recommendations** For version 1.0.20, as a temporary workaround, consider disabling the `downloadUrl` function until a patch is available. Restrict access to the `/api/file/downloadUrl` API Endpoint to minimize the risk of exploitation. Avoid using the `file` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** wanglongcn ltcms version 1.0.20 **Description** A critical vulnerability has been found in the `download` function of the `/api/test/download` API Endpoint, allowing for server-side request forgery through the manipulation of the `url` argument. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted about this disclosure but did not respond. **Recommendations** For version 1.0.20, as a temporary workaround, consider disabling the `download` function of the `/api/test/download` API Endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the `url` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Fujian mwcms version 1.0.0 **Description** A critical issue was found in the Image Upload component, specifically affecting the `uploadeditor` function of the file "/uploadeditor.html?action=uploadimage". The manipulation of the `upfile` argument leads to unrestricted upload. This issue can be exploited remotely. **Recommendations** For Fujian mwcms version 1.0.0, as a temporary workaround, consider disabling the `uploadeditor` function until a patch is available. Restrict access to the "/uploadeditor.html?action=uploadimage" endpoint to minimize the risk of exploitation. Avoid using the `upfile` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Fujian mwcms version 1.0.0 **Description** A critical issue affects the `uploadimage` function of the file `/uploadfile.html`. The manipulation of the `upfile` argument leads to unrestricted upload. This issue can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** For Fujian mwcms version 1.0.0, consider disabling the `uploadimage` function of the file `/uploadfile.html` to prevent unrestricted upload until a patch is available. Restrict access to the `/uploadfile.html` file to minimize the risk of exploitation. Avoid using the `upfile` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Laravel Accounting System version 1.0 **Description** A critical issue was found in the Laravel Accounting System, affecting an unknown part of the file app/Http/Controllers/HomeController.php. The manipulation of the `image` argument leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Laravel Accounting System version 1.0, as a temporary workaround, consider restricting access to the `app/Http/Controllers/HomeController.php` file or disabling the functionality that allows image uploads until a patch is available. Restrict the use of the `image` argument in the affected controller to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** juzaweb CMS versions up to 3.4.2 **Description** A path traversal issue has been found in the Theme Editor component of juzaweb CMS, affecting an unknown function of the file /admin-cp/theme/editor/default. This issue can be exploited remotely, potentially leading to unauthorized access. The exploit has been disclosed publicly. **Recommendations** For versions up to 3.4.2, upgrade to a patched version immediately and review logs for signs of exploit. As a temporary workaround, consider restricting access to the Theme Editor component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Placement Management System version 1.0 **Description** A critical issue has been found in the itsourcecode Placement Management System, affecting the file view company.php. The manipulation of the `id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For itsourcecode Placement Management System version 1.0, consider restricting access to the view company.php file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Placement Management System version 1.0 **Description** A critical issue was found in the itsourcecode Placement Management System, affecting some unknown functionality of the file apply now.php. The manipulation of the `id` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For itsourcecode Placement Management System version 1.0, consider restricting access to the apply now.php file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Placement Management System version 1.0 **Description** A critical issue was found in the itsourcecode Placement Management System, affecting an unknown function of the file login.php. The manipulation of the `email` argument leads to SQL injection. It is possible to launch the attack remotely. **Recommendations** For itsourcecode Placement Management System version 1.0, consider restricting access to the `login.php` file until a patch is available. As a temporary workaround, avoid using the `email` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.