Lvzc3

**Name of the Vulnerable Software and Affected Versions** JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d **Description** A vulnerability was found in JoeyBling bootplus, affecting some unknown functionality of the file /admin/sys/admin.html. The manipulation leads to cross site scripting. The attack may be launched remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d **Description** A critical vulnerability has been found in JoeyBling bootplus. The issue affects an unknown functionality of the file /admin/sys/role/list. The manipulation of the `sort` argument leads to SQL injection. This can be exploited remotely. **Recommendations** As a temporary workaround, consider restricting access to the /admin/sys/role/list file until a fix is available. Avoid using the `sort` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d **Description** A critical issue affects some unknown functionality of the file /admin/sys/log/list. The manipulation of the `logId` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JoeyBling bootplus versions up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d **Description** A critical issue has been found in JoeyBling bootplus, affecting an unknown part of the file /admin/sys/user/list. The manipulation of the `sort` argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** As a temporary workaround, consider disabling the `sort` argument in the /admin/sys/user/list file until a patch is available. Restrict access to the /admin/sys/user/list file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d **Description** A critical vulnerability was found in JoeyBling bootplus, allowing for unrestricted file upload. The issue is related to the manipulation of the `portraitFile` argument in the unknown code of the file src/main/java/io/github/controller/SysFileController.java. This can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** For JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d, as a temporary workaround, consider restricting access to the `portraitFile` argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d **Description** A problematic issue has been found in JoeyBling bootplus, affecting the processing of the file src/main/java/io/github/controller/SysFileController.java. The manipulation of the `name` argument leads to path traversal. This issue can be exploited remotely. The exploit has been disclosed to the public. **Recommendations** As a temporary workaround, consider restricting access to the `SysFileController.java` file until a fix is available. Avoid using the `name` argument in the affected controller until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d **Description** A problematic issue was found in the `qrCode` function of the `QrCodeController.java` file. The manipulation of the `w/h` argument leads to resource consumption. This issue can be exploited remotely. **Recommendations** As a temporary workaround, consider disabling the `qrCode` function until a fix is available. Restrict access to the `QrCodeController.java` file to minimize the risk of exploitation. Avoid using the `w/h` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d **Description** A vulnerability has been found in the `qrCode` function of the file `src/main/java/io/github/controller/QrCodeController.java`. The manipulation of the `text` argument leads to an open redirect. The attack can be launched remotely. **Recommendations** As a temporary workaround, consider disabling the `qrCode` function until a fix is available. Restrict access to the `QrCodeController.java` file to minimize the risk of exploitation. Avoid using the `text` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JoeyBling bootplus versions up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d **Description** A critical issue has been found, allowing for remote SQL injection. The manipulation of the `sort/order` argument in an unknown function of the file `/admin/sys/menu/list` leads to this issue. The exploit has been disclosed publicly and can be used remotely. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/sys/menu/list` endpoint until a fix is available. Avoid using the `sort/order` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** liujianview gymxmjpa version 1.0 **Description** A critical issue affects the function `GoodsDaoImpl` of the file `src/main/java/com/liujian/gymxmjpa/controller/GoodsController.java`. The manipulation of the argument `goodsName` leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider restricting access to the `GoodsDaoImpl` function until a patch is available. Avoid using the `goodsName` argument in the affected `GoodsController.java` file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** liujianview gymxmjpa version 1.0 **Description** A critical vulnerability has been found in the function `SubjectDaoImpl` of the file `src/main/java/com/liujian/gymxmjpa/controller/SubjectController.java`. The manipulation of the argument `subname` leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider disabling the `SubjectDaoImpl` function or restricting access to the `subname` argument until a patch is available. As a temporary workaround, avoid using the `subname` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** liujianview gymxmjpa version 1.0 **Description** A critical vulnerability has been found in the function `EquipmentDaoImpl` of the file `src/main/java/com/liujian/gymxmjpa/controller/EquipmentController.java`. The manipulation of the argument `hyname` leads to SQL injection. The attack can be launched remotely. A public exploit has been disclosed, making it potentially usable by attackers. **Recommendations** For version 1.0, as a temporary workaround, consider restricting access to the `EquipmentDaoImpl` function until a patch is available. Avoid using the `hyname` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** liujianview gymxmjpa version 1.0 **Description** A critical issue has been found in the function `LoosDaoImpl` of the file `src/main/java/com/liujian/gymxmjpa/controller/LoosController.java`. The manipulation of the argument `loosName` leads to SQL injection. This issue can be exploited remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider disabling the `LoosDaoImpl` function until a patch is available. Restrict access to the `loosName` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** liujianview gymxmjpa version 1.0 **Description** A critical vulnerability has been found in the function `MembertypeDaoImpl` of the file `src/main/java/com/liujian/gymxmjpa/controller/MembertypeController.java`. The manipulation of the argument `typeName` leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For version 1.0, consider disabling the `MembertypeDaoImpl` function or restricting access to the `typeName` argument until a patch is available. As a temporary workaround, avoid using the `typeName` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** liujianview gymxmjpa version 1.0 **Description** A critical vulnerability has been found that affects the MenberDaoInpl function in the file src/main/java/com/liujian/gymxmjpa/controller/MenberConntroller.java. The manipulation of the `hyname` argument leads to SQL injection. The attack can be initiated remotely. A public exploit for this vulnerability has been disclosed, which may be used by attackers to exploit the vulnerability. **Recommendations** As a temporary workaround, consider restricting access to the MenberDaoInpl function until a patch is available. Avoid using the `hyname` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** liujianview gymxmjpa version 1.0 **Description** A critical vulnerability has been found in the CoachController function of the file src/main/java/com/liujian/gymxmjpa/controller/CoachController.java. The manipulation of the `coachName` argument leads to SQL injection. The attack can be initiated remotely. The details of the exploit are available to the public, which means it may be used by attackers. **Recommendations** As a temporary workaround, consider disabling the CoachController function until a patch is available. Restrict access to the `coachName` argument in the CoachController function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.