Linyz-Tel

**Name of the Vulnerable Software and Affected Versions** lakernote EasyAdmin versions up to 20240315 **Description** A critical issue was found in the function `thumbnail` of the file `src/main/java/com/laker/admin/module/sys/controller/IndexController.java`. The manipulation of the argument `url` leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For versions up to 20240315, apply a patch to fix this issue, specifically the patch identified as 23165d8cb569048c531150f194fea39f8800b8d5. As a temporary workaround, consider disabling the `thumbnail` function until a patch is available. Restrict access to the `IndexController.java` file to minimize the risk of exploitation. Avoid using the `url` argument in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PandaXGO PandaX up to 20240310 **Description** A critical issue was found in the function `InsertRole` of the file `/apps/system/services/role menu.go`. The manipulation of the argument `roleKey` leads to sql injection. It is possible to initiate the attack remotely. **Recommendations** For PandaXGO PandaX up to 20240310, as a temporary workaround, consider disabling the `InsertRole` function until a patch is available. Restrict access to the `/apps/system/services/role menu.go` file to minimize the risk of exploitation. Avoid using the argument `roleKey` in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PandaXGO PandaX up to 20240310 **Description** A critical issue has been identified, affecting the `DeleteImage` function in the `/apps/system/router/upload.go` file. The vulnerability can be exploited by manipulating the `fileName` argument with a specific input, such as `../../../../../../../tmp/1.txt`, leading to path traversal. The attack can be initiated remotely. **Recommendations** For PandaXGO PandaX up to 20240310, consider disabling the `DeleteImage` function as a temporary workaround until a patch is available. Restrict access to the `/apps/system/router/upload.go` file to minimize the risk of exploitation. Avoid using the `fileName` argument in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PandaXGO PandaX up to 20240310 **Description** A critical issue affects the function `ExportUser` of the file `/apps/system/api/user.go`. The manipulation of the argument `filename` leads to path traversal, allowing an attacker to access files outside the intended directory, such as '../filedir'. This issue can be exploited remotely. **Recommendations** For PandaXGO PandaX up to 20240310, as a temporary workaround, consider disabling the `ExportUser` function until a patch is available. Restrict access to the `/apps/system/api/user.go` file to minimize the risk of exploitation. Avoid using the `filename` argument in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PandaXGO PandaX up to 20240310 **Description** A critical issue has been found in the File Extension Handler component, specifically in the /apps/system/router/upload.go file. The manipulation of the `file` argument leads to unrestricted upload. This issue can be exploited remotely. The exploit has been disclosed to the public. **Recommendations** For PandaXGO PandaX up to 20240310, as a temporary workaround, consider restricting access to the upload functionality in the /apps/system/router/upload.go file until a patch is available. Avoid using the `file` argument in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** 1Panel versions up to 1.10.1-lts **Description** A critical issue has been found in the function `baseApi.UpdateDeviceSwap` of the file `/api/v1/toolbox/device/update/swap`. The manipulation of the argument `Path` with a specific input leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** To fix this issue, apply a patch to the affected version of 1Panel. As a temporary workaround, consider restricting access to the `/api/v1/toolbox/device/update/swap` endpoint until a patch is available. Avoid using the `Path` argument in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ZhiCms version 4.0 **Description** A critical issue was found in the function `index` of the file `app/manage/controller/setcontroller.php`. The manipulation of the argument `sitename` leads to code injection. It is possible to launch the attack remotely. **Recommendations** For ZhiCms version 4.0, consider disabling the `index` function in the `setcontroller.php` file until a patch is available. Restrict access to the `setcontroller.php` file to minimize the risk of exploitation. Avoid using the `sitename` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.