Jmx0Hxq

Name of the Vulnerable Software and Affected Versions: CodePhiliaX Chat2DB versions through 0.3.7 Description: A SQL injection issue exists in the JDBC Connection Handler component of CodePhiliaX Chat2DB. The issue affects an unknown function within the `ai/chat2db/server/web/api/controller/data/source/DataSourceController.java` file. This allows for remote execution of attacks. The exploit has been publicly disclosed. Recommendations: Versions prior to 0.3.7: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: jeecgboot JimuReport versions up to 2.1.1 Description: A vulnerability exists in jeecgboot JimuReport up to version 2.1.1, related to an unknown functionality within the `/drag/onlDragDataSource/testConnection` file of the Data Large Screen Template component. This issue leads to deserialization and may be exploited remotely. Recommendations: Update to a version beyond 2.1.1.

**Name of the Vulnerable Software and Affected Versions** crmeb java versions up to 1.3.4 **Description** A problematic issue has been found, affecting the `webHook` function of the `WeChatMessageController.java` file. This issue leads to xml external entity reference and can be exploited remotely. **Recommendations** For crmeb java versions up to 1.3.4, consider disabling the `webHook` function of the `WeChatMessageController.java` file as a temporary workaround until a patch is available. Restrict access to the `WeChatMessageController.java` file to minimize the risk of exploitation. Avoid using the `webHook` function in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ShopXO versions up to 6.4.0 **Description** A vulnerability was found in ShopXO, affecting an unknown part of the file `app/service/ThemeAdminService.php` of the component Template Handler. The manipulation leads to injection, and it is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For versions up to 6.4.0, as a temporary workaround, consider disabling the `ThemeAdminService.php` file or restricting access to the Template Handler component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Food Menu Manager version 1.0 **Description** A critical issue has been found in the software, affecting an unknown functionality of the file "endpoint/update.php". This leads to unrestricted upload. The issue can be exploited remotely. **Recommendations** For SourceCodester Food Menu Manager version 1.0, consider restricting access to the "update.php" file as a temporary workaround until a patch is available. Avoid using the file for uploads until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Employee Management System version 1.0 **Description** A critical issue affects some unknown functionality of the file index.php, where the manipulation of the `username` and `password` arguments leads to the use of default credentials. This issue can be exploited remotely. **Recommendations** For SourceCodester Employee Management System version 1.0, consider changing the default credentials to custom, secure ones to mitigate the risk of exploitation. As a temporary workaround, restrict access to the index.php file until a more permanent solution is available.