Icefoxh

**Name of the Vulnerable Software and Affected Versions** WCMS version 11 **Description** A critical vulnerability has been found in WCMS 11, affecting an unknown functionality of the file app/controllers/AnonymousController.php. The manipulation of the `mobile phone` argument leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. **Recommendations** As a temporary workaround, consider disabling the functionality related to the `mobile phone` argument in the AnonymousController.php file until a patch is available. Restrict access to the vulnerable file app/controllers/AnonymousController.php to minimize the risk of exploitation. Avoid using the `mobile phone` parameter in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WCMS version 11 **Description** A critical issue has been found in the Advertisement Image Handler component, affecting the `sub` function of the file `app/admin/AdvadminController.php`. This issue leads to unrestricted upload and can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For WCMS version 11, consider disabling the `sub` function of the `AdvadminController.php` file until a patch is available. Restrict access to the Advertisement Image Handler component to minimize the risk of exploitation. Avoid using the vulnerable component until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WCMS version 11 **Description** A critical vulnerability was found in WCMS 11, affecting an unknown function of the file app/controllers/AnonymousController.php. The manipulation of the `email/username` argument leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. **Recommendations** As a temporary workaround, consider restricting access to the vulnerable `AnonymousController.php` file until a patch is available. Avoid using the `email/username` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** westboy CicadasCMS version 1.0 **Description** A critical issue has been discovered, affecting an unknown part of the file /system/cms/content/page. The manipulation of the `orderField` and `orderDirection` arguments leads to SQL injection. This issue can be exploited remotely. **Recommendations** For westboy CicadasCMS version 1.0, as a temporary workaround, consider restricting access to the `/system/cms/content/page` endpoint until a patch is available. Avoid using the `orderField` and `orderDirection` arguments in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** westboy CicadasCMS version 1.0 **Description** A vulnerability was found in the software, affecting an unknown functionality of the file /system/cms/content/save. The manipulation of the argument `title/content/laiyuan` leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For westboy CicadasCMS version 1.0, as a temporary workaround, consider restricting access to the `/system/cms/content/save` endpoint until a patch is available. Avoid using the `title/content/laiyuan` argument in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** westboy CicadasCMS version 1.0 **Description** A critical issue affects some unknown functionality of the file /system/cms/content/save. The manipulation of the `content/fujian/laiyuan` argument leads to SQL injection. The attack may be launched remotely. **Recommendations** For westboy CicadasCMS version 1.0, as a temporary workaround, consider restricting access to the `/system/cms/content/save` endpoint until a patch is available. Avoid using the `content/fujian/laiyuan` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FastCMS versions up to 0.1.5 **Description** A critical issue has been found in FastCMS, affecting an unknown functionality of the file "/api/client/article/list". The manipulation of the `orderBy` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For FastCMS versions up to 0.1.5, update to a version later than 0.1.5 to resolve the issue. As a temporary workaround, consider restricting access to the "/api/client/article/list" endpoint until a patch is available. Avoid using the `orderBy` argument in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Dromara ujcms version 9.7.5 **Description** A problematic issue was found in the File Upload component, specifically in the `uploadZip/upload` function of the `WebFileUploadController.java` file. This issue leads to cross-site scripting and can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** For Dromara ujcms version 9.7.5, consider disabling the `uploadZip/upload` function of the `WebFileUploadController.java` file as a temporary workaround to minimize the risk of exploitation. Restrict access to the File Upload component to reduce the attack surface until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dromara ujcms version 9.7.5 **Description** A problematic issue has been discovered, affecting the Edit Template File Page component, specifically the update function in the /main/java/com/ujcms/cms/ext/web/backendapi/WebFileTemplateController.java file. This leads to cross-site scripting and can be initiated remotely. **Recommendations** For Dromara ujcms version 9.7.5, consider disabling the update function in the WebFileTemplateController.java file as a temporary workaround until a patch is available. Restrict access to the Edit Template File Page to minimize the risk of exploitation. Avoid using the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.2 Description: A critical issue has been discovered that affects the `delete` function of the `/admin/file/delete.do` endpoint, specifically within the `org.marker.mushroom.controller.FileController` component. The manipulation of the `path/name` argument leads to path traversal. This issue can be exploited remotely. Recommendations: For MRCMS version 3.1.2, consider restricting access to the `/admin/file/delete.do` endpoint until a patch is available. As a temporary workaround, avoid using the `path/name` argument in the affected endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.2 Description: A vulnerability was found in the function list of the file "/admin/file/list.do" of the component org.marker.mushroom.controller.FileController. The manipulation of the `path` argument leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Recommendations: For MRCMS version 3.1.2, as a temporary workaround, consider disabling the `FileController` function until a patch is available. Restrict access to the "/admin/file/list.do" endpoint to minimize the risk of exploitation. Avoid using the `path` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.2 Description: A problem was found in the `rename` function of the `/admin/file/rename.do` file in the `org.marker.mushroom.controller.FileController` component. The manipulation of the `name/path` argument leads to cross-site scripting attacks. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond. Recommendations: For MRCMS version 3.1.2, as a temporary workaround, consider disabling the `rename` function of the `/admin/file/rename.do` file until a patch is available. Restrict access to the `org.marker.mushroom.controller.FileController` component to minimize the risk of exploitation. Avoid using the `name/path` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.2 Description: A vulnerability was found in the function `upload` of the file "/admin/file/upload.do" of the component `org.marker.mushroom.controller.FileController`. The manipulation of the argument `path` leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Recommendations: For MRCMS version 3.1.2, as a temporary workaround, consider disabling the `upload` function of the `/admin/file/upload.do` file until a patch is available. Restrict access to the `org.marker.mushroom.controller.FileController` component to minimize the risk of exploitation. Avoid using the `path` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ChestnutCMS versions up to 1.5.2 **Description** A critical issue has been discovered that affects the `uploadFile` function of the `/dev-api/cms/file/upload` API endpoint. The manipulation of the `file` argument leads to unrestricted upload. This issue can be exploited remotely. **Recommendations** For ChestnutCMS versions up to 1.5.2, as a temporary workaround, consider disabling the `uploadFile` function until a patch is available. Restrict access to the `/dev-api/cms/file/upload` API endpoint to minimize the risk of exploitation. Avoid using the `file` argument in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ChestnutCMS version 1.5.2 **Description** A problematic vulnerability was found in the `renameFile` function of the `/cms/file/rename` API endpoint. The manipulation of the `rename` argument leads to path traversal. The exploit has been publicly disclosed. **Recommendations** For ChestnutCMS version 1.5.2, as a temporary workaround, consider disabling the `renameFile` function until a patch is available. Restrict access to the `/cms/file/rename` API endpoint to minimize the risk of exploitation. Avoid using the `rename` argument in the affected API endpoint until the issue is resolved.