Elleuch-X1

**Name of the Vulnerable Software and Affected Versions** SiYuan versions prior to 3.1.16 **Description** An arbitrary file read issue exists due to the absence of proper validation on the `path` parameter in the "/api/template/render" endpoint. This allows attackers to access sensitive files on the host system. **Recommendations** For versions prior to 3.1.16, update to version 3.1.16 to resolve the issue. As a temporary workaround, consider restricting access to the "/api/template/render" endpoint until the update is applied. Avoid using the `path` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SiYuan versions prior to 3.1.16 **Description** SiYuan is a personal knowledge management system. The /api/export/exportResources endpoint is vulnerable to arbitrary file read via path traversal. It is possible to manipulate the `paths` parameter to access and download arbitrary files from the host system by traversing the workspace directory structure. **Recommendations** For versions prior to 3.1.16, update to version 3.1.16 to resolve the issue. As a temporary workaround, consider restricting access to the /api/export/exportResources endpoint until the update is applied. Avoid using the `paths` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Siyuan versions prior to 3.1.16 **Description** Siyuan is a personal knowledge management system. The `/api/asset/upload` endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored Cross-Site Scripting (via the file write). **Recommendations** For versions prior to 3.1.16, update to version 3.1.16, which contains a patch for the issue. As a temporary workaround, consider restricting access to the `/api/asset/upload` endpoint until the update is applied.

**Name of the Vulnerable Software and Affected Versions** SiYuan versions prior to 3.1.16 **Description** SiYuan's `/api/template/renderSprig` endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to access environment variables, potentially leading to information leakage. **Recommendations** For versions prior to 3.1.16, update to version 3.1.16 to resolve the issue. As a temporary workaround, consider restricting access to the `/api/template/renderSprig` endpoint until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Ampache versions prior to 6.6.0 **Description** Ampache is a web-based audio/video streaming application and file manager. The Democratic Playlist Name is vulnerable to a stored cross-site scripting issue. **Recommendations** For versions prior to 6.6.0, update to version 6.6.0 to resolve the issue. As a temporary workaround, consider restricting access to the Democratic Playlist Name feature until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Nginx-UI versions prior to 2.0.0-beta.12 **Description** The Import Certificate feature in Nginx-UI allows arbitrary write into the system, enabling an attacker to write into arbitrary paths. This can be leveraged into a remote code execution by overwriting the config file app.ini. The feature does not check if the provided user input is a certification/key, allowing for exploitation. API Endpoints: The `/api/cert` endpoint is vulnerable to arbitrary file write. Vulnerable Parameters or Variables: The `ssl certificate path`, `ssl certificate key path`, `ssl certificate`, and `ssl certificate key` variables are vulnerable to exploitation. Function Names: The `AddCert` function and the `WriteFile` function are involved in the vulnerability. **Recommendations** For versions prior to 2.0.0-beta.12, update to version 2.0.0-beta.12 or later to fix the issue. As a temporary workaround, consider restricting access to the `/api/cert` endpoint to minimize the risk of exploitation. Avoid using the `ssl certificate path`, `ssl certificate key path`, `ssl certificate`, and `ssl certificate key` variables in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Nginx-UI versions prior to v2.0.0-beta.12 **Description** The issue is related to the Nginx UI server's app.ini configuration file, where special elements are not properly neutralized when processing the `test config cmd` and `start cmd` parameters. This can be exploited by a remote attacker to execute arbitrary code. The vulnerability allows for authenticated remote code execution on the host. **Recommendations** For versions prior to v2.0.0-beta.12, update to version v2.0.0-beta.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the `app.ini` configuration file to prevent injection of malicious values into the `test config cmd` and `start cmd` parameters. Avoid using the `test config cmd` and `start cmd` parameters in the affected API endpoints until the issue is resolved.