He

**Name of the Vulnerable Software and Affected Versions** SUNNET CTMS (affected versions not specified) **Description** The issue is related to a path traversal vulnerability within the file uploading function of SUNNET CTMS. This allows an authenticated remote attacker with general user privileges to upload and execute scripts onto arbitrary directories, potentially leading to arbitrary system operations or service disruption. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RIFARTEK IOT Wall (affected versions not specified) **Description** The issue concerns incorrect authorization, allowing an authenticated remote attacker with general user privilege to perform specific privileged functions. This enables the attacker to access and modify all sensitive data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RIFARTEK IOT Wall (affected versions not specified) **Description** The issue concerns insufficient filtering for user input in the transportation function, allowing an authenticated remote attacker with general user privileges to inject JavaScript. This enables the attacker to perform a reflected XSS attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EasyTest (affected versions not specified) **Description** The issue concerns the File Upload function of EasyTest, which lacks sufficient filtering for special characters and file types. This allows a remote attacker, authenticated as a general user, to upload and execute arbitrary files. As a result, the attacker can manipulate the system or disrupt the service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EasyTest (affected versions not specified) **Description** The issue concerns insufficient validation of user input in the Download function's parameter, allowing a remote attacker authenticated as a general user to inject arbitrary SQL commands. This enables the attacker to access, modify, or delete the database. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EasyTest (affected versions not specified) **Description** The Administrator function of EasyTest has an Incorrect Authorization issue. A remote attacker authenticated as a general user can exploit this to bypass intended access restrictions, make API function calls, manipulate the system, and terminate the service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.