Lvzc2

**Name of the Vulnerable Software and Affected Versions** SingMR HouseRent version 1.0 **Description** A vulnerability was found in SingMR HouseRent, affecting unknown code of the file "/toAdminUpdateHousePage?hID=30". The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For SingMR HouseRent version 1.0, consider disabling access to the "/toAdminUpdateHousePage?hID=30" endpoint until a patch is available. Restrict input to prevent cross site scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** donglight bookstore versions 1.0.0 **Description** The issue affects the `BookSearchList` function in the `BookInfoController.java` file. It is caused by the manipulation of the `keywords` argument, leading to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0.0, consider disabling the `BookSearchList` function until a patch is available. Restrict access to the `BookInfoController.java` file to minimize the risk of exploitation. Avoid using the `keywords` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** donglight bookstore电商书城系统说明 version 1.0.0 **Description** A vulnerability was found in the `updateUser` function of the file `src/main/Java/org/zdd/bookstore/web/controller/admin/AdminUserControlle.java`. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0.0, as a temporary workaround, consider disabling the `updateUser` function until a patch is available. Restrict access to the `AdminUserControlle.java` file to minimize the risk of exploitation. Avoid using the `updateUser` function in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** wander-chu SpringBoot-Blog version 1.0 **Description** A critical vulnerability was found in the HTTP POST Request Handler component, specifically affecting the `preHandle` function of the `BaseInterceptor.java` file. This leads to improper access controls, allowing remote attacks. The exploit has been publicly disclosed, and the vendor was contacted but did not respond. **Recommendations** For wander-chu SpringBoot-Blog version 1.0, as a temporary workaround, consider disabling the `preHandle` function of the `BaseInterceptor.java` file until a patch is available. Restrict access to the HTTP POST Request Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** wander-chu SpringBoot-Blog version 1.0 **Description** A critical vulnerability has been found in the Admin Attachment Handler component, specifically affecting the `upload` function of the `AttachtController.java` file. The manipulation of the `file` argument leads to unrestricted upload. This issue can be exploited remotely. The exploit has been publicly disclosed, and the vendor was contacted but did not respond. **Recommendations** For wander-chu SpringBoot-Blog version 1.0, as a temporary workaround, consider disabling the `upload` function of the `AttachtController.java` file until a patch is available. Restrict access to the Admin Attachment Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** wander-chu SpringBoot-Blog version 1.0 **Description** A vulnerability was found in the function `modifiyArticle` of the file `src/main/java/com/my/blog/website/controller/admin/PageController.java` of the component Blog Article Handler. The manipulation of the argument `content` leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For wander-chu SpringBoot-Blog version 1.0, as a temporary workaround, consider disabling the `modifiyArticle` function until a patch is available. Restrict access to the Blog Article Handler component to minimize the risk of exploitation. Avoid using the `content` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SingMR HouseRent version 1.0 **Description** A critical issue has been found, affecting some unknown functionality of the file src/main/java/com/house/wym/controller/AdminController.java. This leads to improper access controls, and the attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For SingMR HouseRent version 1.0, consider restricting access to the `AdminController.java` file until a patch is available. As a temporary workaround, review and strengthen access controls to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SingMR HouseRent version 1.0 **Description** A critical vulnerability has been found in SingMR HouseRent. This issue affects the `singleUpload/upload` function of the file `src/main/java/com/house/wym/controller/AddHouseController.java`. The manipulation of the `file` argument leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For SingMR HouseRent version 1.0, as a temporary workaround, consider disabling the `singleUpload/upload` function until a patch is available. Restrict access to the `AddHouseController.java` file to minimize the risk of exploitation. Avoid using the `file` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tongda OA versions up to 11.10 **Description** A critical issue was found in Tongda OA, affecting an unknown function of the file /pda/appcenter/check seal.php. The manipulation of the `ID` argument leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Tongda OA versions up to 11.10, as a temporary workaround, consider restricting access to the /pda/appcenter/check seal.php file until a patch is available. Avoid using the `ID` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tongda OA 2017 up to 11.10 **Description** A critical issue has been found in Tongda OA, affecting an unknown functionality of the file /module/word model/view/index.php. The manipulation of the `query str` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For Tongda OA 2017 up to 11.10, consider disabling access to the /module/word model/view/index.php file or restricting the use of the `query str` argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tongda OA versions up to 11.6 **Description** A critical issue has been found in Tongda OA, affecting some unknown processing of the file /pda/appcenter/web show.php. The manipulation of the argument `ID` leads to sql injection. The attack may be initiated remotely. **Recommendations** For Tongda OA versions up to 11.6, patch immediately to prevent exploitation and check for signs of compromise. As a temporary workaround, consider restricting access to the file /pda/appcenter/web show.php to minimize the risk of exploitation. Avoid using the argument `ID` in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Tongda OA versions 2017 up to 11.9 **Description** A critical issue affects the processing of the file /pda/meeting/apply.php, where the manipulation of the `mr id` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** For Tongda OA versions 2017 up to 11.9, as a temporary workaround, consider restricting access to the /pda/meeting/apply.php file until a patch is available. Avoid using the `mr id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Tongda OA versions up to 11.10 **Description** A critical vulnerability was found in Tongda OA, affecting an unknown functionality of the file /pda/approve center/check seal.php. The manipulation of the `ID` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For Tongda OA versions up to 11.10, as a temporary workaround, consider restricting access to the /pda/approve center/check seal.php file until a patch is available. Avoid using the `ID` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tongda OA versions up to 11.10 **Description** A critical issue has been found in Tongda OA, affecting an unknown function of the file /pda/approve center/prcs info.php. The manipulation of the `RUN ID` argument leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Tongda OA versions up to 11.10, as a temporary workaround, consider restricting access to the /pda/approve center/prcs info.php file until a patch is available. Avoid using the `RUN ID` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Tongda OA versions 2017 up to 11.9 **Description** A critical issue has been identified, affecting unknown code in the file /pda/reportshop/new.php. The manipulation of the `repid` argument leads to SQL injection. This issue can be exploited remotely. The exploit has been publicly disclosed and may be used. **Recommendations** For Tongda OA versions 2017 up to 11.9, patch immediately to prevent remote exploitation. If patching is delayed, prioritize mitigations. As a temporary workaround, consider restricting access to the /pda/reportshop/new.php file and avoiding the use of the `repid` argument until a patch is available.