Ppsoft1990

Name of the Vulnerable Software and Affected Versions: WUZHI CMS versions up to and including 4.1.0 Description: A Cross Site Scripting (XSS) issue exists in the config function in coreframe/app/attachment/libs/class/ckditor.class.php. This allows for potential malicious script execution. Recommendations: For WUZHI CMS versions up to and including 4.1.0, consider disabling the config function in coreframe/app/attachment/libs/class/ckditor.class.php as a temporary workaround until a patch is available. Restrict access to the coreframe/app/attachment/libs/class/ckditor.class.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WUZHI CMS versions up to and including 4.1.0 Description: A blacklist bypass issue exists in the common.func.php file, which can cause remote code execution when uploaded. Recommendations: For WUZHI CMS versions up to and including 4.1.0, consider disabling the upload functionality in common.func.php until a patch is available. Restrict access to the common.func.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Winmail version 6.5 Description: A Server-Side Request Forgery (SSRF) issue exists in the app.php file, specifically in the `key` parameter when HTTPS is enabled. This allows an attacker to manipulate the server into sending a request to a specific URL. Furthermore, an attacker can modify the `HOST` value in the request header to control where the server sends the request. Recommendations: For Winmail version 6.5, as a temporary workaround, consider restricting access to the `app.php` file or disabling the `key` parameter when HTTPS is on until a patch is available. Additionally, restrict modifications to the `HOST` header value to prevent unauthorized requests.

Name of the Vulnerable Software and Affected Versions: Winmail version 6.5 Description: A reflected XSS issue exists in the tohtml/convert.php file, allowing JavaScript code to be executed. Recommendations: For Winmail version 6.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MetInfo versions 6.x through 6.1.3 **Description** The issue allows for XSS via the "/admin/login/login check.php" API endpoint, specifically through the `url array[]` parameter. **Recommendations** For MetInfo versions 6.x through 6.1.3, avoid using the `url array[]` parameter in the "/admin/login/login check.php" API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Z-BlogPHP version 1.5.2.1935 **Description** The issue allows remote attackers to execute arbitrary PHP code due to a CSRF vulnerability in the zb users/plugin/AppCentre/theme.js.php file. **Recommendations** For Z-BlogPHP version 1.5.2.1935, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7 SP2 **Description** A reflected XSS issue exists due to the "ftype" parameter in the "/member/myfriend.php" API endpoint. **Recommendations** For DedeCMS version 5.7 SP2, consider restricting access to the "/member/myfriend.php" endpoint or avoiding the use of the `ftype` parameter until a fix is available.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7 SP2 **Description** The issue allows for XSS attacks via the "/member/uploads select.php" endpoint for the `keyword` parameter. **Recommendations** For DedeCMS version 5.7 SP2, as a temporary workaround, consider restricting access to the "/member/uploads select.php" endpoint or sanitizing the `keyword` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7 SP2 **Description** The issue allows for XSS attacks through the `GetPageList` function defined in the `datalistcp.class.php` file. This function is used to display page numbers at the bottom of certain templates. Attacks can be demonstrated via the `PATH INFO` to various endpoints, such as "/member/index.php", "/member/pm.php", "/member/content list.php", or "/plus/feedback.php". **Recommendations** For DedeCMS version 5.7 SP2, consider disabling the `GetPageList` function until a patch is available to prevent potential XSS attacks. Restrict access to the `datalistcp.class.php` file to minimize the risk of exploitation. Avoid using the affected templates that utilize the `GetPageList` function for displaying page numbers.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7 SP2 **Description** The issue allows for XSS attacks via the `type` parameter in the `plus/qrcode.php` endpoint. **Recommendations** For DedeCMS version 5.7 SP2, update the `plus/qrcode.php` file to properly sanitize the `type` parameter to prevent XSS attacks.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7 SP2 **Description** A reflected XSS issue exists, allowing potential exploitation via the "folder" parameter in the /member/pm.php endpoint. **Recommendations** For DedeCMS version 5.7 SP2, update to a newer version that contains a fix for this issue, or as a temporary workaround, consider restricting access to the /member/pm.php endpoint to minimize the risk of exploitation.