Lem0N817

#19057 of 53,633
14 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2025-20655
7.5
2025-05-11
Unknown · Jeecg-Boot · CVE-2025-4533
**Name of the Vulnerable Software and Affected Versions**

JeecgBoot versions up to 3.8.0

**Description**

A vulnerability was found in JeecgBoot that affects the function `unzipFile` of the file `/jeecg-boot/airag/knowledge/doc/import/zip` of the component Document Library Upload. The manipulation of the argument `File` leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

**Recommendations**

For JeecgBoot versions up to 3.8.0, consider disabling the `unzipFile` function until a patch is available to prevent remote resource consumption. Restrict access to the `/jeecg-boot/airag/knowledge/doc/import/zip` file to minimize the risk of exploitation. Avoid using the `File` argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2024-28340
6.5
2024-07-16
Seacms · Seacms · CVE-2024-39036
**Name of the Vulnerable Software and Affected Versions**

SeaCMS version 12.9

**Description**

The issue concerns an Arbitrary File Read vulnerability. It is exploited via the `admin safe.php` file.

**Recommendations**

For SeaCMS version 12.9, consider restricting access to the `admin safe.php` file until a patch is available.