Mike Huang

Name of the Vulnerable Software and Affected Versions: 6SHR system from Gether Technology (affected versions not specified) Description: The 6SHR system from Gether Technology does not properly validate the specific page parameter, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete database contents. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: 6SHR system from Gether Technology (affected versions not specified) Description: The 6SHR system from Gether Technology does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload web shell scripts and use them to execute arbitrary system commands on the server. This issue enables attackers to upload malicious scripts and execute commands remotely. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.