Gaorenyusi

**Name of the Vulnerable Software and Affected Versions** yiisoft Yii2 versions up to 2.0.39 **Description** A critical issue was found in the Generate function of the file phpunitsrcFrameworkMockObjectMockClass.php. This issue leads to deserialization and can be initiated remotely. **Recommendations** For versions up to 2.0.39, update to a version higher than 2.0.39 to resolve the issue. As a temporary workaround, consider restricting access to the Generate function of the MockClass.php file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** yiisoft Yii2 versions up to 2.0.45 **Description** A critical issue has been found, affecting the `getIterator` function of the file `symfonyfinderIteratorSortableIterator.php`. This issue leads to deserialization and can be exploited remotely. **Recommendations** For versions up to 2.0.45, update to a version higher than 2.0.45 to resolve the issue. As a temporary workaround, consider restricting access to the `getIterator` function of the `SortableIterator.php` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Best House Rental Management System version 1.0 **Description** The issue is related to a SQL injection vulnerability in the `delete category()` function, located in the file `rental/admin class.php`. This vulnerability can potentially be exploited to execute unauthorized SQL commands. **Recommendations** For Best House Rental Management System version 1.0, consider disabling the `delete category()` function until a patch is available to prevent potential SQL injection attacks. Restrict access to the `rental/admin class.php` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Best House Rental Management System version 1.0 **Description** The issue concerns an arbitrary file upload vulnerability in the `signup()` function of the file `rental/admin class.php`. This could potentially lead to system compromise. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Best House Rental Management System version 1.0, patch immediately and validate input to prevent exploitation. As a temporary workaround, consider disabling the `signup()` function until a patch is available. Restrict access to the `rental/admin class.php` file to minimize the risk of exploitation. Avoid using the vulnerable file upload feature in the signup process until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Best House Rental Management System version 1.0 **Description** The issue concerns an arbitrary file upload vulnerability. This vulnerability is located in the `update account()` function of the file `rental/admin class.php`. **Recommendations** For Best House Rental Management System version 1.0, consider disabling the `update account()` function until a patch is available to prevent exploitation of the arbitrary file upload vulnerability. Restrict access to the `rental/admin class.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Best House Rental Management System version 1.0 **Description** The issue concerns an arbitrary file upload vulnerability. This vulnerability is located in the save settings() function of the file rental/admin class.php. **Recommendations** For Best House Rental Management System version 1.0, consider disabling the save settings() function until a patch is available to prevent exploitation of the arbitrary file upload vulnerability. Restrict access to the rental/admin class.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7.115 **Description** The issue is related to Cross Site Scripting (XSS) via the advertisement code box in the advertisement management module. This allows for potential malicious script execution. **Recommendations** For DedeCMS version 5.7.115, as a temporary workaround, consider disabling the advertisement code box in the advertisement management module until a patch is available. Restrict access to the advertisement management module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dedecms version 5.7.115 **Description** The issue is related to an arbitrary code execution via file upload vulnerability in the backend. **Recommendations** For Dedecms version 5.7.115, as a temporary workaround, consider disabling file uploads in the backend until a patch is available. Restrict access to the file upload functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester Best House Rental Management System version 1.0 Description: A critical vulnerability has been found in the system. The issue affects the function `delete user/save user` of the file `/admin class.php`. The manipulation of the argument `id` leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Recommendations: For SourceCodester Best House Rental Management System version 1.0, consider disabling the `delete user/save user` function in the `/admin class.php` file until a patch is available. Restrict access to the `id` argument to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: lmxcms versions up to 1.4 Description: A critical issue was found in the function `formatData` of the file /admin.php?m=Acquisi&a=testcj&lid=1, which is part of the SQL Command Execution Module. The manipulation of the argument `data` leads to code injection. This issue can be exploited remotely. The exploit has been disclosed to the public. Recommendations: For lmxcms versions up to 1.4, as a temporary workaround, consider disabling the `formatData` function until a patch is available. Restrict access to the /admin.php?m=Acquisi&a=testcj&lid=1 endpoint to minimize the risk of exploitation. Avoid using the `data` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: SourceCodester Computer Laboratory Management System version 1.0 Description: A critical vulnerability was found in the SourceCodester Computer Laboratory Management System. The issue affects the `delete record` function of the file `/classes/Master.php?f=delete record`. The manipulation of the `id` argument leads to SQL injection. The attack can be launched remotely. Recommendations: For SourceCodester Computer Laboratory Management System version 1.0, consider disabling the `delete record` function until a patch is available. Restrict access to the `/classes/Master.php?f=delete record` endpoint to minimize the risk of exploitation. Avoid using the `id` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester Computer Laboratory Management System version 1.0 Description: A critical vulnerability has been found in the function `update settings info` of the file `/classes/SystemSettings.php?f=update settings`. The manipulation of the `name` argument leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Recommendations: For SourceCodester Computer Laboratory Management System version 1.0, consider disabling the `update settings info` function until a patch is available. Restrict access to the `/classes/SystemSettings.php?f=update settings` endpoint to minimize the risk of exploitation. Avoid using the `name` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.