Jing1

**Name of the Vulnerable Software and Affected Versions** LzCMS-LaoZhangBoKeXiTong versions up to 1.1.4 **Description** A critical issue affects some unknown functionality of the file /admin/upload/upimage.html, specifically the HTTP POST Request Handler component. The manipulation of the `File` argument leads to unrestricted upload. This issue can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** For versions up to 1.1.4, as a temporary workaround, consider restricting access to the /admin/upload/upimage.html file to minimize the risk of exploitation. Avoid using the `File` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: StarSea99 starsea-mall version 1.0 Description: A problematic issue has been found in the Backend component, affecting the processing of the file "/admin/indexConfigs/save". The manipulation of the `categoryName` argument leads to cross-site scripting. This issue can be initiated remotely. Other parameters might also be affected. Recommendations: For version 1.0, as a temporary workaround, consider restricting access to the "/admin/indexConfigs/save" endpoint until a fix is available. Additionally, avoid using the `categoryName` argument in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** huang-yk student-manage version 1.0 **Description** A vulnerability has been found in huang-yk student-manage and classified as problematic. This issue affects unknown code and leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For huang-yk student-manage version 1.0, as a temporary workaround, consider implementing additional security measures to prevent cross-site request forgery attacks until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LinZhaoguan pb-cms version 1.0.0 **Description** A critical issue affects some unknown processing of the file /admin#themes of the component Add New Topic Handler. The manipulation of the `Topic Key` argument leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For LinZhaoguan pb-cms version 1.0.0, as a temporary workaround, consider restricting access to the /admin#themes file and the Add New Topic Handler component until a patch is available. Avoid using the `Topic Key` argument in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.