Nobb

**Name of the Vulnerable Software and Affected Versions** EyouCMS versions up to 1.7.1 and 5.0 **Description** A flaw exists in EyouCMS related to unrestricted file upload. The issue is located within the `check userinfo` function of the `Diyajax.php` file, specifically in the Member Avatar Handler component. Manipulation of the `viewfile` argument can allow for unauthorized file uploads. The exploit is publicly available. The vendor was notified but did not respond. **Recommendations** Versions prior to 1.7.1 and 5.0 should be updated.

**Name of the Vulnerable Software and Affected Versions** dayrui XunRuiCMS versions up to 4.7.1 **Description** A cross site scripting issue exists in dayrui XunRuiCMS. The issue is related to an unknown functionality within the file `/admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=0` of the Add Display Name Field component. Manipulation of the `data[name]` argument can lead to the execution of cross site scripting attacks remotely. The exploit has been publicly released. The vendor was notified but did not respond. **Recommendations** Versions prior to 4.7.1 should be updated.

**Name of the Vulnerable Software and Affected Versions** dayrui XunRuiCMS versions up to 4.7.1 **Description** A security issue exists in dayrui XunRuiCMS. The issue is related to cross site scripting, potentially allowing remote attacks. The manipulation of the `data[name]` argument in the file '/admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=1' can trigger this issue. The exploit has been publicly disclosed. **Recommendations** Versions prior to 4.7.1 should be updated.

**Name of the Vulnerable Software and Affected Versions** dayrui XunRuiCMS versions up to 4.7.1 **Description** A cross site scripting issue exists in dayrui XunRuiCMS. The issue is located in the Domain Name Binding Page, specifically within the file `/admin79f2ec220c7e.php?c=api&m=demo&name=mobile`. The attack can be performed remotely and is considered difficult to exploit. The exploit is publicly available. The vendor was notified but did not respond. **Recommendations** Versions prior to 4.7.1 should be updated.

**Name of the Vulnerable Software and Affected Versions** XunRuiCMS versions up to 4.7.1 **Description** A security flaw exists in XunRuiCMS, specifically within the Email Setting Handler component. The issue involves server-side request forgery, potentially allowing remote exploitation. The flaw is located in the file `/admind45f74adbd95.php?c=email&m=add`. Manipulation of this file can lead to server-side request forgery. The exploit has been publicly released. The vendor was notified but did not respond. **Recommendations** Update XunRuiCMS to a version beyond 4.7.1.

**Name of the Vulnerable Software and Affected Versions** JIZHICMS versions up to 2.5.5 **Description** A flaw exists in JIZHICMS that allows for SQL injection. This issue is located in the `commentlist` function within the `/index.php/admins/Comment/addcomment.html` file of the Add Display Name Field component. Manipulation of the `aid` or `tid` argument can trigger the injection. The attack can be performed remotely. The exploit has been publicly released. **Recommendations** Versions prior to 2.5.5 should be updated.

**Name of the Vulnerable Software and Affected Versions** JIZHICMS versions up to 2.5.5 **Description** A flaw exists in JIZHICMS that could allow for SQL injection. The issue is located in the `deleteAll`, `findAll`, and `delete` functions within the `/index.php/admins/Comment/deleteAll.html` file of the Batch Delete Comments component. This issue can be exploited remotely. The details of the flaw have been publicly disclosed. The vendor was notified but did not respond. **Recommendations** Versions prior to 2.5.5 should be updated.

**Name of the Vulnerable Software and Affected Versions** JIZHICMS versions up to 2.5.5 **Description** A flaw exists in JIZHICMS that allows for cross site scripting. The issue is located in the Comment Handler component, specifically within the file `/index.php/admins/Comment/addcomment.html`. Manipulation of the `body` argument within an unknown function in this file can trigger the flaw. The exploit is publicly available. The vendor was notified but did not respond. **Recommendations** Update JIZHICMS to a version newer than 2.5.5.

**Name of the Vulnerable Software and Affected Versions** dayrui XunRuiCMS versions up to 4.7.1 **Description** A server-side request forgery condition exists in dayrui XunRuiCMS. The issue is located in the file `admin79f2ec220c7e.php?c=api&m=test site domain` within the Project Domain Change Test component. Manipulation of the `v` parameter can trigger the flaw, allowing for remote exploitation. The exploit has been published. The vendor was contacted but did not respond. **Recommendations** Versions prior to 4.7.1 should be used.