N1N3B9S

Name of the Vulnerable Software and Affected Versions: xujeff tianti 天梯 versions prior to 2.3 Description: A problematic issue exists in xujeff tianti 天梯. The `exportOrder` function within the `/tianti-module-admin/user/ajax/save` file of the `com.jeff.tianti.controller` component is susceptible to CSV injection. This issue can be exploited remotely. The exploit has been publicly disclosed. Recommendations: Update to a version prior to 2.3.

Name of the Vulnerable Software and Affected Versions: xujeff tianti 天梯 versions prior to 2.3 Description: A critical issue exists in xujeff tianti 天梯, potentially leading to missing authorization. The vulnerability affects unknown code within the `/tianti-module-admin/user/ajax/save` API endpoint and can be exploited remotely. The exploit has been publicly disclosed. The vendor was notified but did not respond. Recommendations: Update to a version prior to 2.3 to address this issue.

Name of the Vulnerable Software and Affected Versions: macrozheng mall versions up to 1.0.3 Description: A vulnerability exists in macrozheng mall versions up to 1.0.3 due to an authorization bypass. The issue is related to the manipulation of the `orderId` argument within the `detail` function of the `UmsMemberController.java` file, part of the `com.macro.mall.portal.controller` component. The attack can be initiated remotely, and the exploit has been publicly disclosed. The vendor was contacted but did not respond. Recommendations: Versions prior to 1.0.3 should be updated. As a temporary workaround, restrict access to the `detail` function of the `UmsMemberController.java` file until a patch is available. Avoid using the `orderId` argument in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** macrozheng mall versions up to 1.0.3 **Description** A vulnerability exists in the Upload function of the /minio/upload file within the Add Product Page component. Manipulation of the `File` argument can lead to cross-site scripting (XSS). This issue is remotely exploitable. The exploit has been publicly disclosed. The vendor was notified but did not respond. **Recommendations** Versions prior to 1.0.3: Address the vulnerability by sanitizing or validating the `File` argument within the `Upload` function of the `/minio/upload` file. As a temporary workaround, consider restricting file uploads to known safe types.

**Name of the Vulnerable Software and Affected Versions** macrozheng mall versions up to 1.0.3 **Description** A vulnerability exists in macrozheng mall up to version 1.0.3, involving the cleartext transmission of sensitive information. The vulnerability affects an unknown functionality of the `/admin/login` file and can be exploited remotely. The complexity of the attack is high, and exploitation is considered difficult. The exploit has been publicly disclosed, and the vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** macrozheng mall version 1.0.3 **Description** A problematic issue exists within the Admin Login component, leading to improper restriction of excessive authentication attempts. The attack can be launched remotely and is considered difficult to exploit. The vendor was contacted but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Campcodes Online Movie Theater Seat Reservation System version 1.0 **Description** A vulnerability has been found in Campcodes Online Movie Theater Seat Reservation System that is classified as critical. The vulnerability affects unknown code within the `/admin/manage seat.php` file. Manipulation of the `ID` argument leads to a SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/manage seat.php` file to minimize the risk of exploitation. Sanitize the `ID` parameter before using it in SQL queries.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Complaint Management System version 2.0 **Description** A problematic issue exists in PHPGurukul Complaint Management System 2.0. The issue involves cross-site request forgery due to manipulation of an unknown function. This allows for remote attacks. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Campcodes Online Movie Theater Seat Reservation System version 1.0 **Description** A vulnerability was found in Campcodes Online Movie Theater Seat Reservation System. The manipulation of the argument `Firstname`/`Lastname` in the `/index.php?page=reserve` endpoint of the Reserve Your Seat Page component leads to cross-site scripting. The attack can be initiated remotely. **Recommendations** Campcodes Online Movie Theater Seat Reservation System version 1.0: Sanitize or properly validate the `Firstname` and `Lastname` arguments in the `/index.php?page=reserve` endpoint to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Complaint Management System version 2.0 **Description** A cross-site scripting issue exists in PHPGurukul Complaint Management System 2.0. The vulnerability is located in the `/admin/complaint-search.php` file. Manipulation of the `Search` parameter can lead to cross-site scripting. The exploit has been publicly disclosed. **Recommendations** Address the issue by sanitizing the `Search` parameter in the `/admin/complaint-search.php` file.

Name of the Vulnerable Software and Affected Versions: Campcodes Online Movie Theater Seat Reservation System version 1.0 Description: A critical issue exists in Campcodes Online Movie Theater Seat Reservation System version 1.0. The `save movie` function within the `/admin/admin class.php` file is susceptible to unrestricted file upload due to manipulation of the `cover` argument. This allows for remote exploitation. The exploit has been publicly disclosed. Recommendations: Address the unrestricted file upload issue in the `save movie` function of the `/admin/admin class.php` file by validating and sanitizing the `cover` argument.

**Name of the Vulnerable Software and Affected Versions:** Campcodes Online Movie Theater Seat Reservation System version 1.0 **Description:** A critical issue exists in Campcodes Online Movie Theater Seat Reservation System 1.0. The manipulation of the `ID` argument in the `/admin/manage theater.php` file leads to a SQL injection. This allows for remote attacks. The exploit for this issue has been publicly disclosed. **Recommendations:** Campcodes Online Movie Theater Seat Reservation System version 1.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions:** Campcodes Online Movie Theater Seat Reservation System version 1.0 **Description:** A critical vulnerability exists in Campcodes Online Movie Theater Seat Reservation System version 1.0. The vulnerability is due to SQL injection in the `/admin/manage movie.php` file, specifically through manipulation of the `ID` argument. This allows for remote exploitation. The exploit has been publicly disclosed. **Recommendations:** Campcodes Online Movie Theater Seat Reservation System version 1.0: Sanitize or validate the `ID` argument in the `/admin/manage movie.php` file to prevent SQL injection. As a temporary workaround, restrict access to the `/admin/manage movie.php` file.

Name of the Vulnerable Software and Affected Versions: Campcodes Online Movie Theater Seat Reservation System version 1.0 Description: A critical vulnerability exists in Campcodes Online Movie Theater Seat Reservation System 1.0. The issue is related to SQL injection within an unknown functionality of the `/reserve.php` file. Manipulation of the `ID` argument can lead to remote exploitation. The exploit has been publicly disclosed. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Campcodes Online Movie Theater Seat Reservation System version 1.0 Description: A critical vulnerability exists in Campcodes Online Movie Theater Seat Reservation System 1.0. The vulnerability is due to SQL injection in an unknown functionality of the file `/manage reserve.php` when manipulating the `mid` argument. This allows for remote attacks. The exploit has been publicly disclosed. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.