Fatd0G

Name of the Vulnerable Software and Affected Versions: feng ha ha/megagao ssm-erp version 1.0 production ssm version 1.0 Description: A critical vulnerability has been found in the affected software, affecting the `uploadPicture` function of the `PictureServiceImpl.java` file. The manipulation of the `File` argument leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names. Recommendations: For feng ha ha/megagao ssm-erp version 1.0, consider disabling the `uploadPicture` function until a patch is available. For production ssm version 1.0, restrict access to the `PictureServiceImpl.java` file to minimize the risk of exploitation. As a temporary workaround, avoid using the `File` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** feng ha ha/megagao ssm-erp version 1.0 production ssm version 1.0 **Description** A vulnerability was found in the function `handleFileDownload` of the file `FileController.java` of the component `File Handler`. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names. **Recommendations** For feng ha ha/megagao ssm-erp version 1.0, consider disabling the `handleFileDownload` function until a patch is available. For production ssm version 1.0, restrict access to the `File Handler` component to minimize the risk of exploitation. As a temporary workaround, avoid using the `FileController.java` file in the affected component until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** feng ha ha/megagao ssm-erp and production ssm version 0.0.1 **Description** A critical issue affects the `uploadFile` function in the file src/main/java/com/megagao/production/ssm/service/impl/FileServiceImpl.java. The manipulation of the `uploadFile` argument allows for unrestricted file upload. This issue can be exploited remotely. **Recommendations** For version 0.0.1, consider disabling the `uploadFile` function until a patch is available to prevent unrestricted file uploads. Restrict access to the `FileServiceImpl.java` service to minimize the risk of exploitation. Avoid using the `uploadFile` argument in the affected service until the issue is resolved.