P0Ison

**Name of the Vulnerable Software and Affected Versions** OTCMS versions up to 6.62 **Description** A vulnerability was found in OTCMS, affecting some unknown functionality of the file "/admin/read.php?mudi=announContent". The manipulation of the `url` argument leads to path traversal. The exploit has been disclosed to the public and may be used. **Recommendations** For OTCMS versions up to 6.62, consider restricting access to the "/admin/read.php" endpoint until a patch is available. As a temporary workaround, avoid using the `url` argument in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OTCMS versions up to 6.62 **Description** A critical issue has been found in OTCMS, affecting the processing of the file /admin/read.php?mudi=getSignal. The manipulation of the `signalUrl` argument leads to server-side request forgery. This issue can be exploited remotely. **Recommendations** For OTCMS versions up to 6.62, consider disabling access to the /admin/read.php endpoint until a fix is available. As a temporary workaround, restrict the use of the `signalUrl` argument in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OTCMS versions up to 6.62 **Description** A problematic issue was found in OTCMS. It affects an unknown function of the file admin/readDeal.php, specifically the API endpoint "admin/readDeal.php?mudi=readQrCode". The manipulation of the `img` argument leads to path traversal, allowing access to '../filedir'. The issue has been publicly disclosed. **Recommendations** For OTCMS versions up to 6.62, as a temporary workaround, consider restricting access to the `admin/readDeal.php?mudi=readQrCode` endpoint to minimize the risk of exploitation. Avoid using the `img` argument in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OTCMS versions up to 6.62 **Description** A vulnerability has been found in an unknown functionality of the file usersNews deal.php. The manipulation of the `file` argument leads to path traversal, specifically '../filedir'. **Recommendations** For OTCMS versions up to 6.62, as a temporary workaround, consider restricting access to the usersNews deal.php file until a patch is available. Avoid using the `file` argument in the affected functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Zhong Bang CRMEB versions up to 4.6.0 **Description** A critical issue affects the Image Upload component, specifically the file /api/wechat/app auth, leading to deserialization due to some unknown processing. **Recommendations** For versions up to 4.6.0, as a temporary workaround, consider restricting access to the /api/wechat/app auth API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zhong Bang CRMEB versions up to 4.6.0 **Description** A critical issue has been found, affecting the `get image base64` function of the file `api/controller/v1/PublicController.php`. This leads to server-side request forgery and can be launched remotely. The issue has been publicly disclosed. **Recommendations** For Zhong Bang CRMEB versions up to 4.6.0, as a temporary workaround, consider disabling the `get image base64` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zhong Bang CRMEB versions up to 4.6.0 **Description** A vulnerability was found in the function `put image` of the file `api/controller/v1/PublicController.php`. The manipulation leads to deserialization. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For Zhong Bang CRMEB versions up to 4.6.0, as a temporary workaround, consider disabling the `put image` function until a patch is available. Restrict access to the `api/controller/v1/PublicController.php` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** mccms versions up to 2.6.5 **Description** A critical issue affects the function `pic api` of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument `url` leads to server-side request forgery. The attack may be launched remotely. **Recommendations** For mccms versions up to 2.6.5, as a temporary workaround, consider disabling the `pic api` function until a patch is available. Restrict access to the `sys/apps/controllers/admin/Comic.php` file to minimize the risk of exploitation. Avoid using the argument `url` in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** mccms versions up to 2.6.5 **Description** A critical issue has been found, affecting the `pic save` function of the file sys/apps/controllers/admin/Comic.php. The manipulation of the `pic` argument leads to server-side request forgery, which can be initiated remotely. **Recommendations** For versions up to 2.6.5, consider disabling the `pic save` function of the Comic.php file until a patch is available. Restrict access to the sys/apps/controllers/admin/Comic.php file to minimize the risk of exploitation. Avoid using the `pic` argument in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OTCMS versions up to 6.62 **Description** A critical issue was discovered, affecting unknown code. The manipulation of the `username` and `password` arguments with the input `admin` leads to the use of a hard-coded password. **Recommendations** For OTCMS versions up to 6.62, update to a version that fixes this issue to prevent exploitation. As a temporary workaround, consider restricting access to the login functionality until a patch is available. Avoid using the default `admin` credentials in the affected `username` and `password` fields until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** YFCMF versions up to 3.0.4 **Description** A vulnerability has been found that affects unknown code in the file index.php, leading to path traversal. The manipulation can be initiated remotely, using '../filedir' to traverse paths. The exploit has been disclosed to the public and may be used. **Recommendations** For YFCMF versions up to 3.0.4, update to a version later than 3.0.4 to resolve the issue. As a temporary workaround, consider restricting access to the index.php file to minimize the risk of exploitation. Avoid using the '../filedir' path traversal in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** YFCMF versions up to 3.0.4 **Description** A problematic issue affects the processing of the file app/admin/controller/Ajax.php. The manipulation of the `controllername` argument leads to path traversal, allowing an attacker to access files using '../filedir'. The attack can be initiated remotely. **Recommendations** For YFCMF versions up to 3.0.4, consider restricting access to the `Ajax.php` file in the `app/admin/controller` directory to minimize the risk of exploitation. As a temporary workaround, avoid using the `controllername` argument in the affected file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JIZHICMS version 2.4.5 **Description** A critical issue has been found, affecting the `index` function of the `TemplateController.php` file. The manipulation of the `webapi` argument leads to server-side request forgery, allowing for remote attacks. **Recommendations** For JIZHICMS version 2.4.5, consider disabling the `index` function of the `TemplateController.php` file or restricting the use of the `webapi` argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.