Ltltlxey

**Name of the Vulnerable Software and Affected Versions** mdserver-web versions 0.18.0 through 0.18.4 **Description** mdserver-web contains a front-end unauthorized remote command execution (RCE) issue. The lack of authentication on the ' /modify crond' and '/start task' endpoints allows an attacker to modify and execute default built-in scheduled tasks. **Recommendations** Update mdserver-web to a version later than 0.18.4. As a temporary workaround, restrict access to the '/modify crond' and '/start task' endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LangBot versions 4.1.0 through 4.3.4 **Description** LangBot is a global IM bot platform designed for LLMs. Authorized attackers can exploit the `/api/v1/files/documents` interface to perform arbitrary file uploads. The interface does not strictly restrict the storage directory of files on the server, allowing the upload of dangerous files to specific system directories. The `files` parameter within the `/api/v1/files/documents` endpoint is vulnerable. **Recommendations** Update to version 4.3.5 or later.

**Name of the Vulnerable Software and Affected Versions** Termix versions 1.5.0 and below **Description** Termix is a web-based server management platform offering SSH terminal, tunneling, and file editing features. The official Docker image, when configured with an Nginx reverse proxy, incorrectly retrieves the proxy's IP address instead of the client's IP address when using the `req.ip` method. This causes the `isLocalhost` function to consistently return True. As a result, the `/ssh/db/host/internal` API endpoint becomes directly accessible without requiring login or authentication. This endpoint stores sensitive SSH host information, including addresses, usernames, and passwords, creating a significant security risk. The `isLocalhost` function determines if a request originates from the local machine. **Recommendations** Update to Termix version 1.6.0 or later.

**Name of the Vulnerable Software and Affected Versions** StreamVault versions prior to 250822 **Description** StreamVault is a multi-platform video parsing and downloading tool. Prior to version 250822, after logging into the StreamVault system, an attacker can modify system parameters, construct malicious commands, and execute command injection attacks against the system, potentially gaining server privileges. Users who have not modified their background passwords or use weak passwords are at risk of remote system takeover. **Recommendations** Update StreamVault to version 250822 or later.

Name of the Vulnerable Software and Affected Versions: dpanel versions 1.2.0 through 1.7.2 Description: dpanel is a server management panel written in Go. Versions of the software allow authenticated users to read arbitrary files from the server via the `/api/app/compose/get-from-uri` API endpoint. The issue resides in the `GetFromUri` function within `app/application/http/controller/compose.go`, where the `uri` parameter is directly passed to `os.ReadFile` without sufficient validation or access control. This can lead to information disclosure as a logged-in attacker can read sensitive files from the host system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RatPanel versions 2.3.19 through 2.5.5 **Description** RatPanel is susceptible to remote code execution (RCE) and unauthorized access. An attacker who obtains the backend login path of RatPanel can execute system commands or take over hosts managed by the panel without logging in. This is due to the `CleanPath` middleware not processing `r.URL.Path`, leading to path misinterpretation and authentication bypass. Specifically, the vulnerability affects the `must login` middleware, allowing access to dangerous interfaces such as `/api/ws/exec` and `/api/ws/ssh`. Exploitation requires activating a session, but does not require completing the full authentication process. **Recommendations** RatPanel versions 2.3.19 through 2.5.5 are affected and should be updated to version 2.5.6 or later.

Name of the Vulnerable Software and Affected Versions: rebuild versions 3.9.0 through 3.9.3 Description: The issue is related to a SQL injection vulnerability in the /admin/admin-cli/exec component. Recommendations: For versions 3.9.0 through 3.9.3, consider disabling access to the /admin/admin-cli/exec component until a patch is available. Avoid using the /admin/admin-cli/exec component in these versions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: upset-gal-web version 7.1.0 Description: The issue concerns an arbitrary file read. It affects the /api/music/v1/cover.ts endpoint. Recommendations: For version 7.1.0, consider restricting access to the /api/music/v1/cover.ts endpoint until a patch is available. As a temporary workaround, avoid using the endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: owl-admin versions 3.2.2 through 4.10.2 Description: The issue is related to SQL Injection in the "/admin-api/system/admin menus/save order" API endpoint. Recommendations: For versions 3.2.2 through 4.10.2, consider disabling access to the "/admin-api/system/admin menus/save order" API endpoint until a patch is available.