
Int

#19988 of 53,619
13 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2025-41587
6.5
2025-10-10
Jeewms · Jeewms · CVE-2025-60268
**Name of the Vulnerable Software and Affected Versions** JeeWMS version 20250820

**Description** An arbitrary file upload issue exists due to insufficient file validation within the `saveFiles` function located at the `/jeewms/cgUploadController.do` endpoint. An attacker with standard user privileges can upload a malicious file, potentially leading to remote code execution.

**Recommendations** Apply updates to address the insufficient file validation in the `saveFiles` function. Restrict access to the `/jeewms/cgUploadController.do` endpoint. As a temporary workaround, consider disabling the `saveFiles()` function until a patch is available.

PT-2025-41443
6.5
2025-10-09
Xckk · Xckk · CVE-2025-60266
**Name of the Vulnerable Software and Affected Versions** xckk version 9.6

**Description** The software contains a SQL injection issue due to insufficient filtering of the `orderBy` parameter within the `/address/list` API endpoint. This allows for potential unauthorized database access or modification.

**Recommendations** Apply secure filtering techniques to the `orderBy` parameter in the `/address/list` API endpoint to prevent SQL injection attacks.