Glzjin

**Name of the Vulnerable Software and Affected Versions** KaiYuanTong ECT Platform versions up to 2.0.0 **Description** A critical issue has been found in the HTTP POST Request Handler component of the affected software, specifically in the file /public/server/runCode.php. The manipulation of the `code` argument leads to command injection. This issue can be exploited remotely. The exploit has been disclosed publicly, and the vendor was contacted about this disclosure but did not respond. **Recommendations** For KaiYuanTong ECT Platform versions up to 2.0.0, as a temporary workaround, consider disabling the `runCode.php` file or restricting access to the HTTP POST Request Handler component until a patch is available. Avoid using the `code` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** YunzMall versions up to 2.4.2 **Description** A critical issue has been found in the function `changePwd` of the file `/app/platform/controllers/ResetpwdController.php` of the component HTTP POST Request Handler. The manipulation of the argument `pwd` leads to weak password recovery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For versions up to 2.4.2, as a temporary workaround, consider disabling the `changePwd` function until a patch is available. Restrict access to the `/app/platform/controllers/ResetpwdController.php` file to minimize the risk of exploitation. Avoid using the argument `pwd` in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FoxCMS versions up to 1.2 **Description** A critical issue was found in the API Endpoint component, specifically in the file /app/api/controller/Site.php. The manipulation of the `password` argument leads to improper authorization, allowing for remote attacks. The issue has been publicly disclosed and may be exploited. **Recommendations** For FoxCMS versions up to 1.2, update to a version that fixes the improper authorization issue. As a temporary workaround, consider restricting access to the API Endpoint, specifically the file /app/api/controller/Site.php, to minimize the risk of exploitation. Avoid using the `password` argument in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FoxCMS versions up to 1.2 **Description** A critical issue has been found in the Configuration File Handler component, specifically in the file /install/installdb.php. The manipulation of the `database password` argument leads to code injection. This issue can be exploited remotely. **Recommendations** For FoxCMS versions up to 1.2, update to a version that fixes this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QileCMS versions up to 1.1.3 **Description** A problematic issue was found in QileCMS, affecting the `sendEmail` function of the file /qilecms/user/controller/Forget.php of the component Verification Code Handler. This leads to weak password recovery. The attack can be initiated remotely, with a rather high complexity of attack and difficult exploitation. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For QileCMS versions up to 1.1.3, as a temporary workaround, consider disabling the `sendEmail` function until a patch is available. Restrict access to the vulnerable component Verification Code Handler to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gacjie Server versions up to 1.0 **Description** A critical issue was found in Gacjie Server, affecting the function index of the file /app/admin/controller/Upload.php. The manipulation of the `file` argument leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Gacjie Server versions up to 1.0, as a temporary workaround, consider disabling the file upload functionality in the /app/admin/controller/Upload.php file until a patch is available. Restrict access to the Upload.php file to minimize the risk of exploitation. Avoid using the `file` argument in the affected function index until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** osuuu LightPicture versions up to 1.2.2 **Description** A critical issue was found in osuuu LightPicture, affecting an unknown function of the file /app/controller/Setup.php. This issue leads to unrestricted upload and can be exploited remotely. **Recommendations** For osuuu LightPicture versions up to 1.2.2, consider disabling the upload functionality until a patch is available. Restrict access to the /app/controller/Setup.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** osuuu LightPicture versions up to 1.2.2 **Description** A critical issue has been found in osuuu LightPicture, affecting the function handle of the file /app/middleware/TokenVerify.php. The manipulation leads to the use of a hard-coded cryptographic key. The attack may be initiated remotely, with a rather high complexity and difficult exploitation. The exploit has been disclosed to the public and may be used. **Recommendations** For osuuu LightPicture versions up to 1.2.2, consider disabling the function handle of the file /app/middleware/TokenVerify.php as a temporary workaround until a patch is available. Restrict access to the affected file to minimize the risk of exploitation. Avoid using the hard-coded cryptographic key in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Demososo DM Enterprise Website Building System versions up to 2022.8 **Description** A critical issue has been found, affecting the function `dmlogin` of the file `indexDM load.php` in the Cookie Handler component. The manipulation of the argument `is admin` with the input `y` leads to improper authentication. This issue can be exploited remotely. The exploit has been publicly disclosed and may be used. The vendor was contacted about this issue but did not respond. **Recommendations** For Demososo DM Enterprise Website Building System versions up to 2022.8, as a temporary workaround, consider disabling the `dmlogin` function until a patch is available. Restrict access to the `indexDM load.php` file to minimize the risk of exploitation. Avoid using the argument `is admin` in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** TemmokuMVC versions up to 2.3 **Description** A critical issue was found in the function `get img url/img replace` in the library `lib/images get down.php` of the component Image Download Handler. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. **Recommendations** For TemmokuMVC versions up to 2.3, as a temporary workaround, consider disabling the `get img url/img replace` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Shopwind versions up to 4.6 **Description** A critical issue affects the `actionCreate` function of the `/public/install/controllers/DefaultController.php` file in the Installation component, leading to code injection. The attack can be initiated remotely, but the complexity is rather high, making exploitation difficult. **Recommendations** For Shopwind versions up to 4.6, consider disabling the `actionCreate` function of the `/public/install/controllers/DefaultController.php` file as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPEMS versions up to 1.0 **Description** A critical issue has been found in the function `index` of the file `app/weixin/controller/index.api.php`. The manipulation of the argument `picurl` leads to deserialization. The issue has been disclosed to the public and may be used. **Recommendations** For PHPEMS versions up to 1.0, as a temporary workaround, consider restricting the use of the `index` function in the `app/weixin/controller/index.api.php` file until a patch is available. Avoid using the argument `picurl` in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Juanpao JPShop versions up to 1.5.02 **Description** A critical issue was found in the function `actionUpdate` of the file `/api/controllers/merchant/shop/PosterController.php` of the component API. The manipulation of the argument `pic url` leads to unrestricted upload. It is possible to launch the attack remotely. **Recommendations** For versions up to 1.5.02, as a temporary workaround, consider disabling the `actionUpdate` function until a patch is available. Restrict access to the `/api/controllers/merchant/shop/PosterController.php` file to minimize the risk of exploitation. Avoid using the argument `pic url` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Juanpao JPShop versions up to 1.5.02 **Description** A critical issue has been found in the API component, specifically affecting the `actionUpdate` function of the `/api/controllers/merchant/design/MaterialController.php` file. The manipulation of the `pic url` argument leads to unrestricted upload. This issue can be initiated remotely. **Recommendations** For versions up to 1.5.02, consider disabling the `actionUpdate` function of the `MaterialController.php` file until a patch is available. Restrict access to the `/api/controllers/merchant/design/MaterialController.php` file to minimize the risk of exploitation. Avoid using the `pic url` argument in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Juanpao JPShop versions up to 1.5.02 **Description** A critical issue has been found, affecting the function `actionUpdate` of the file `/api/controllers/common/UploadsController.php`. The manipulation of the argument `imgage` leads to unrestricted upload. The attack can be launched remotely. **Recommendations** For Juanpao JPShop versions up to 1.5.02, consider disabling the `actionUpdate` function in the `/api/controllers/common/UploadsController.php` file until a patch is available. Restrict access to the `imgage` argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Juanpao JPShop versions up to 1.5.02 **Description** A vulnerability was found in the API component of Juanpao JPShop, specifically in the file api/config/params.php. The manipulation of the `JWT KEY ADMIN` argument leads to the use of a hard-coded cryptographic key. The complexity of an attack is rather high, and the exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. **Recommendations** For Juanpao JPShop versions up to 1.5.02, consider updating to a version that fixes the use of hard-coded cryptographic keys, specifically addressing the issue in the `JWT KEY ADMIN` argument. As a temporary workaround, consider restricting access to the api/config/params.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Juanpao JPShop versions up to 1.5.02 **Description** A critical vulnerability has been found in Juanpao JPShop, affecting the `actionIndex` function of the `/api/controllers/admin/app/ComboController.php` file in the API component. The manipulation of the `pic url` argument leads to unrestricted upload. This issue can be exploited remotely. The exploit has been publicly disclosed and may be used. **Recommendations** For Juanpao JPShop versions up to 1.5.02, as a temporary workaround, consider disabling the `actionIndex` function of the `ComboController.php` file until a patch is available. Restrict access to the API endpoint to minimize the risk of exploitation. Avoid using the `pic url` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Juanpao JPShop versions up to 1.5.02 **Description** A critical issue affects some unknown functionality of the file /api/controllers/admin/app/AppController.php of the component API. The manipulation of the `app pic url` argument leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Juanpao JPShop versions up to 1.5.02, as a temporary workaround, consider restricting access to the `/api/controllers/admin/app/AppController.php` file until a patch is available. Avoid using the `app pic url` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Juanpao JPShop versions up to 1.5.02 **Description** A critical vulnerability was found in Juanpao JPShop, affecting the `actionIndex` function of the `/api/controllers/merchant/app/ComboController.php` file in the API component. The manipulation of the `pic url` argument leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Juanpao JPShop versions up to 1.5.02, consider disabling the `actionIndex` function in the `/api/controllers/merchant/app/ComboController.php` file as a temporary workaround until a patch is available. Restrict access to the API endpoint to minimize the risk of exploitation. Avoid using the `pic url` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QiboSoft QiboCMS X1 versions up to 1.0.6 **Description** A critical vulnerability was found in the function `rmb pay` of the file `/application/index/controller/Pay.php`. The manipulation of the argument `callback class` leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For QiboSoft QiboCMS X1 versions up to 1.0.6, as a temporary workaround, consider disabling the `rmb pay` function until a patch is available. Restrict access to the `/application/index/controller/Pay.php` file to minimize the risk of exploitation. Avoid using the argument `callback class` in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.