Purple-Wl

Name of the Vulnerable Software and Affected Versions: wuzhicms version 4.0.1 Description: An arbitrary file deletion issue was found, allowing attackers to access sensitive information through the coreframeappattachmentadminindex.php file. Recommendations: For wuzhicms version 4.0.1, consider restricting access to the coreframeappattachmentadminindex.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Wuzhi CMS version 4.0.1 Description: The Wuzhi CMS backend in a .php file has an arbitrary file deletion issue. Attackers can exploit this to delete arbitrary files. Recommendations: For Wuzhi CMS version 4.0.1, consider restricting access to the vulnerable .php file in the backend until a patch is available. As a temporary workaround, monitor file system changes closely to detect potential unauthorized file deletions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Discourse versions 2.3.2 through 2.6 Description: A Server Side Request Forgery (SSRF) issue exists via the email function. When writing an email in an editor, it is possible to upload pictures from remote websites. Recommendations: For versions 2.3.2 through 2.6, as a temporary workaround, consider disabling the email function until a patch is available. Restrict access to the email editor to minimize the risk of exploitation. Avoid using the email function to upload pictures from remote websites until the issue is resolved.