Eurekya

**Name of the Vulnerable Software and Affected Versions** MuYuCMS versions prior to 2.7 **Description** A security flaw exists in MuYuCMS up to version 2.7. This issue is related to an unknown functionality within the `/admin.php` file of the Template Management component, allowing for code injection. The attack can be launched remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MuYuCMS versions prior to 2.7 **Description** A server-side request forgery condition exists in MuYuCMS. The issue is located in an unknown function within the /index/index.html file of the Add Fiend Link Handler component. Manipulation of the `Link URL` argument can trigger the issue, allowing for remote attacks. The exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** jack0240 魏 bskms 蓝天幼儿园管理系统 up to dffe6640b5b54d8e29da6f060e0493fea74b3fad **Description** A critical issue affects some unknown functionality of the file /sa/addUser of the component User Creation Handler, leading to improper authorization. The attack may be launched remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ashinigit 天青一白 XueShengZhuSu 学生住宿管理系统 up to 4d3f0ada0e71482c1e51fd5f5615e5a3d8bcbfbb **Description** A critical issue has been found in the Image File Upload component of the system, affecting some unknown processing of the file /upload/. The manipulation of the `File` argument leads to path traversal. The attack may be initiated remotely. **Recommendations** As a temporary workaround, consider disabling the Image File Upload component until a patch is available. Restrict access to the /upload/ directory to minimize the risk of exploitation. Avoid using the `File` argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.