Microvorld

Name of the Vulnerable Software and Affected Versions: Jpress versions prior to 5.1.1 Description: The issue allows for arbitrary file uploads on the Windows platform. This can lead to the construction of non-standard file formats, such as `.jsp`, which can result in arbitrary command execution. Recommendations: For versions prior to 5.1.1, update to version 5.1.1 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to prevent the construction of non-standard file formats.

**Name of the Vulnerable Software and Affected Versions** Emlog Pro versions prior to 2.3.15 **Description** A remote code execution issue in the /admin/store.php component of Emlog Pro allows attackers to use remote file downloads and self-extract functions to upload webshells to the target server, obtaining system privileges. **Recommendations** For versions prior to 2.3.15, update to version 2.3.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the /admin/store.php component until a patch is applied. Avoid using the remote file download and self-extract functions in the affected component until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: jpress versions up to 5.1.1 Description: A critical vulnerability has been found in the Template Module Handler component of jpress, affecting an unknown functionality of the file /admin/template/edit. The manipulation leads to path traversal, and the attack can be launched remotely. Recommendations: For jpress versions up to 5.1.1, consider restricting access to the /admin/template/edit file until a patch is available. As a temporary workaround, avoid using the Template Module Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.