Mukyuuhate

**Name of the Vulnerable Software and Affected Versions** JeecgBoot versions prior to 3.9.3 **Description** An open redirect issue exists in the Third-Party Login component. The `HttpServletResponse.sendRedirect()` function within the file `jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java` does not properly validate the `state` argument, allowing remote attackers to redirect users to arbitrary external sites. Exploitation requires social engineering to induce a victim to click a specially crafted OAuth login link. This feature is optional and may not be enabled in all installations. **Recommendations** Update to a version later than 3.9.2. As a temporary mitigation, disable the Third-Party Login feature if it is not required for the project's operations.

**Name of the Vulnerable Software and Affected Versions** crmeb crmeb java version 1.4 **Description** An issue exists in the base64 Qrcode Endpoint within the `RestTemplate.getForEntity()` function of the `crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java` file. Remote attackers can manipulate the `url` argument to perform server-side request forgery (SSRF), a flaw that allows the server to be coerced into making unauthorized requests to internal or external resources. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the base64 Qrcode Endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** guchengwuyue yshopmall versions up to 1.9.1 **Description** A security flaw exists in guchengwuyue yshopmall up to version 1.9.1. The issue is related to unrestricted upload, stemming from manipulation of the `File` argument within the `updateAvatar` function located in the file '/api/users/updateAvatar' of the `co.yixiang.utils.FileUtil` component. This allows for remote exploitation. The exploit has been publicly released. The project maintainers were notified of the issue but have not yet responded. **Recommendations** Versions prior to 1.9.1 should be used. As a temporary workaround, consider restricting file upload capabilities until a patch is available.

**Name of the Vulnerable Software and Affected Versions** jishenghua jshERP versions prior to 3.6 **Description** A path traversal issue exists in the `install` function of the `/jshERP-boot/plugin/installByPath` file within the `com.gitee.starblues.integration.operator.DefaultPluginOperator` component. Manipulation of the `path` argument can lead to path traversal. This issue is potentially exploitable remotely. The exploit has been publicly released. The project maintainers were notified but have not yet responded. **Recommendations** Versions prior to 3.6: Update to a newer version to address the vulnerability. As a temporary workaround, restrict access to the `/jshERP-boot/plugin/installByPath` endpoint. Avoid using untrusted input for the `path` parameter.

**Name of the Vulnerable Software and Affected Versions** jishenghua jshERP versions up to 3.6 **Description** A security issue exists in jishenghua jshERP. The `getBillItemByParam` function within the `com.jsh.erp.datasource.mappers.DepotItemMapperEx` component, specifically in the file `/jshERP-boot/depotItem/importItemExcel`, is susceptible to SQL injection. Manipulation of the `barCodes` argument can trigger this issue, and remote exploitation is possible. The exploit has been publicly disclosed. **Recommendations** Versions up to 3.6: Address the SQL injection issue in the `getBillItemByParam` function of the `com.jsh.erp.datasource.mappers.DepotItemMapperEx` component. As a temporary workaround, restrict or carefully sanitize input to the `barCodes` argument.

**Name of the Vulnerable Software and Affected Versions** jishenghua jshERP versions prior to 3.7 **Description** A flaw exists in jishenghua jshERP that allows for path traversal. This issue affects an unknown functionality within the `/jshERP-boot/plugin/uploadPluginConfigFile` file of the `PluginController` component. Manipulation of the `configFile` argument can lead to unauthorized access. The attack can be initiated remotely. **Recommendations** versions prior to 3.7: Update to version 3.7 or later. As a temporary workaround, restrict access to the `/jshERP-boot/plugin/uploadPluginConfigFile` file.

**Name of the Vulnerable Software and Affected Versions** guchengwuyue yshopmall versions up to 1.9.1 **Description** A flaw exists in the `getPage` function within the `/api/jobs` file that allows for SQL injection through manipulation of the `sort` argument. This issue can be exploited remotely. The exploit is publicly available. The project maintainers were notified but have not yet responded. **Recommendations** Versions up to 1.9.1 should be updated when a fix becomes available. As a temporary workaround, restrict access to the `/api/jobs` file or disable the `getPage` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** sfturing hosp order (affected versions not specified) **Description** A flaw exists in the `findOrderHosNum` function located in the `/ssm pro/orderHos/` file. Manipulation of the `hospitalAddress`/`hospitalName` argument can lead to SQL injection. This issue is remotely exploitable. The exploit is publicly available. The vendor was contacted but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** yeqifu carRental (affected versions not specified) **Description** A path traversal issue exists due to the manipulation of the `path` argument within the `downloadShowFile` function located in `/file/downloadShowFile.action` of the `com.yeqifu.sys.controller.FileController` component. This allows for remote exploitation. The exploit has been publicly disclosed. The product utilizes a rolling release model, making specific version information unavailable. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.