H3Rmesk1T

**Name of the Vulnerable Software and Affected Versions** JIZHICMS versions up to 1.7.0 **Description** A problematic issue was found in JIZHICMS, affecting an unknown part of the file /user/release.html of the component Article Handler. The manipulation of the argument `ishot` with the input 1 leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For JIZHICMS versions up to 1.7.0, consider restricting access to the `/user/release.html` endpoint until a patch is available. As a temporary workaround, avoid using the `ishot` argument in the affected Article Handler component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** JIZHICMS version 1.7.0 **Description** A vulnerability has been found in JIZHICMS, affecting some unknown functionality of the file /user/userinfo.html of the component Account Profile Page. The manipulation of the `jifen` argument leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For JIZHICMS version 1.7.0, consider disabling the functionality related to the `jifen` argument in the /user/userinfo.html file until a patch is available. Restrict access to the Account Profile Page to minimize the risk of exploitation. Avoid using the `jifen` argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JIZHICMS versions up to 1.7.0 **Description** A vulnerability has been found in the Article Handler component, affecting the file /user/release.html. This issue leads to improper authorization and can be initiated remotely. The manipulation affects unknown code, and the exploit has been disclosed to the public. **Recommendations** For JIZHICMS versions up to 1.7.0, consider restricting access to the /user/release.html file until a patch is available. As a temporary workaround, review and strengthen authorization mechanisms in the Article Handler component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** iceCMS version 2.2.0 **Description** An access control issue in the component "/api/squareComment/DelectSquareById" allows unauthenticated attackers to access sensitive information. **Recommendations** For iceCMS version 2.2.0, consider disabling access to the "/api/squareComment/DelectSquareById" endpoint until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** iceCMS version 2.2.0 **Description** An access control issue in the component "/square/getAllSquare/circle" allows unauthenticated attackers to access sensitive information. **Recommendations** For iceCMS version 2.2.0, consider restricting access to the "/square/getAllSquare/circle" component until a patch is available. As a temporary workaround, avoid using the sensitive information accessible through this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CmsEasy version 7.7.7.9 **Description** A local file inclusion issue was discovered, allowing attackers to read arbitrary files via the `file get contents` function in the `fetch action` method of "/admin/template admin.php". **Recommendations** For CmsEasy version 7.7.7.9, consider disabling the `fetch action` method in "/admin/template admin.php" until a patch is available to prevent exploitation of this issue. Restrict access to the "/admin/template admin.php" file to minimize the risk of arbitrary file reading.

**Name of the Vulnerable Software and Affected Versions** CmsEasy version 7.7.7.9 **Description** A local file inclusion issue was discovered, allowing attackers to read arbitrary files via the `file get contents` function in the `fckedit action` method of `/admin/template admin.php`. **Recommendations** For CmsEasy version 7.7.7.9, consider disabling the `fckedit action` method in `/admin/template admin.php` until a patch is available to prevent exploitation of this issue. Restrict access to the `/admin/template admin.php` file to minimize the risk of arbitrary file reading.