Meng Yi Chou

Name of the Vulnerable Software and Affected Versions: 4MOSAn GCB Doctor (affected versions not specified) Description: The issue is related to improper user privilege control in the file upload function. A remote attacker can upload arbitrary files, including webshell files, without authentication and execute arbitrary code. This allows the attacker to perform arbitrary system operations or launch a denial of service attack. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 4MOSAn GCB Doctor (affected versions not specified) **Description** The issue is related to improper validation of Cookie on the login page, allowing an unauthenticated remote attacker to bypass authentication by code injection in the cookie. This enables the attacker to arbitrarily manipulate the system or interrupt services by uploading and executing arbitrary files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.