Mrdoulestar

Name of the Vulnerable Software and Affected Versions: vaeThink version 1.0.1 Description: A vulnerability in the vae admin rule database table allows attackers to execute arbitrary code via a crafted payload in the `condition` parameter. Recommendations: For vaeThink version 1.0.1, consider restricting access to the vae admin rule database table until a patch is available. As a temporary workaround, avoid using the `condition` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: vaeThink version 1.0.1 Description: The issue concerns an arbitrary file upload vulnerability in the avatar upload function. This vulnerability allows attackers to open a webshell by changing the uploaded file suffixes to ".php". Recommendations: For vaeThink version 1.0.1, consider disabling the avatar upload function until a patch is available to prevent exploitation. Restrict access to the upload functionality to minimize the risk of attackers uploading malicious files. Avoid using the avatar upload feature with files that have the ".php" suffix until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Metinfo version 7.0.0 Description: The issue allows attackers to perform a directory traversal and access sensitive information through the /admin/index.php?n=system&c=filept&a=doGetFileList endpoint. Recommendations: For Metinfo version 7.0.0, as a temporary workaround, consider restricting access to the /admin/index.php?n=system&c=filept&a=doGetFileList endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Metinfo version 7.0.0 **Description** The issue is related to a lack of access control in the /app/system/column/admin/index.class.php script of the Metinfo CMS system. This allows a remote attacker to escalate privileges by exploiting the vulnerability. Specifically, when a column is deleted, the `indeximg` parameter is also deleted, which can be used to gain elevated access. **Recommendations** For Metinfo version 7.0.0, consider disabling access to the /app/system/column/admin/index.class.php script until a patch is available to prevent exploitation of the `indeximg` parameter. Restricting access to this script can help minimize the risk of privilege escalation.

**Name of the Vulnerable Software and Affected Versions** YzmCMS version 5.2 **Description** A stored XSS issue exists, allowing potential exploitation via the `catname` parameter in the admin/category/edit.html page. **Recommendations** For YzmCMS version 5.2, update the software to a version that includes a fix for this issue, or as a temporary workaround, consider restricting access to the admin/category/edit.html page to minimize the risk of exploitation. Avoid using the `catname` parameter in the affected page until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** YzmCMS version 5.2 **Description** A stored XSS issue exists, allowing potential exploitation via the `value` parameter in the "admin/system manage/user config edit.html" API endpoint. **Recommendations** For YzmCMS version 5.2, consider restricting access to the `value` parameter in the "admin/system manage/user config edit.html" endpoint until a patch is available. As a temporary workaround, avoid using the `value` parameter in this endpoint to minimize the risk of exploitation.