
Eric-Therond-Sonarsource

#17694 of 53,633
15.2 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1
PT-2021-12014
9.1
2021-05-19
Unknown · Smartstore · CVE-2020-36364
Name of the Vulnerable Software and Affected Versions: Smartstore versions prior to 4.1.0
Description: An issue was discovered in the Administration/Controllers/ImportController.cs file, specifically in the `ImportController.Create` method, which allows path traversal for copy and delete actions via the `TempFileName` field.
Recommendations: For versions prior to 4.1.0, update to version 4.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `ImportController.Create` method to minimize the risk of exploitation. Avoid using the `TempFileName` field in the affected method until the issue is resolved.
PT-2021-12015
6.1
2021-05-19
Unknown · Smartstore · CVE-2020-36365
Name of the Vulnerable Software and Affected Versions: Smartstore (aka SmartStoreNET) versions prior to 4.1.0
Description: The issue allows open redirect through certain controllers, including `CommonController.ClearCache`, `ClearDatabaseCache`, `RestartApplication`, and `ScheduleTaskController.Edit`.
Recommendations: For versions prior to 4.1.0, update to version 4.1.0 or later to resolve the issue.