Formanagain

**Name of the Vulnerable Software and Affected Versions** ChenJinchuang Lin-CMS-TP5 versions up to 0.3.3 **Description** A flaw exists in ChenJinchuang Lin-CMS-TP5 that allows for remote code injection. The issue is located in the `Upload` function within the `LocalUploader.php` file of the File Upload Handler component. Manipulation of the `File` argument can lead to code injection. The exploit for this issue has been published. **Recommendations** Versions up to 0.3.3 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** shanyu SyCms versions up to a242ef2d194e8bb249dc175e7c49f2c1673ec921 **Description** A code injection issue exists in shanyu SyCms. The issue is located in the `addPost` function within the `Application/Admin/Controller/FileManageController.class.php` file of the Administrative Panel component. This manipulation can be carried out remotely. The exploit for this issue has been publicly disclosed. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 9786 phpok3w versions prior to 901d96a06809fb28b17f3a4362c59e70411c933c **Description** A flaw exists in 9786 phpok3w. The issue is related to the manipulation of the `ID` argument, which can lead to SQL injection within the `show.php` file. The attack can be initiated remotely. The project was notified of the issue but has not yet responded. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** jackq XCMS versions prior to 3fab5342cc509945a7ce1b8ec39d19f701b89261 **Description** A flaw exists in jackq XCMS that allows for unrestricted file upload. This issue impacts an unknown function within the file `Public/javascripts/admin/plupload-2.1.2/examples/upload.php`. The attack can be initiated remotely. The exploit for this issue has been published. The software utilizes a rolling release model, meaning specific version details for affected or updated releases are unavailable. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** jackq XCMS versions prior to 3fab5342cc509945a7ce1b8ec39d19f701b89261 **Description** A flaw exists in jackq XCMS that allows for unrestricted file upload. The issue is located in the `Upload` function within the `Admin/Home/Controller/ProductImageController.class.php` file of the Backend component. Manipulation of the `File` argument enables remote attackers to upload files without restrictions. The exploit for this issue has been publicly disclosed and is potentially being used in active attacks. Reports indicate offensive activities targeting this vulnerability. **Recommendations** Versions prior to 3fab5342cc509945a7ce1b8ec39d19f701b89261 should be updated. As a temporary workaround, consider restricting access to the `ProductImageController.class.php` file or disabling the `Upload` function until a suitable update is available.

**Name of the Vulnerable Software and Affected Versions** DedeBIZ versions up to 6.5.9 **Description** A security issue exists in DedeBIZ that allows for remote command injection. This is due to manipulation of a functionality within the file `/src/admin/catalog add.php`. The exploit for this issue has been publicly disclosed. The vulnerable parameter is not specified. **Recommendations** Versions prior to 6.5.9 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.