Qiangeg

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7.114 **Description** The issue is related to an arbitrary file upload vulnerability in the /dede/file manage control.php file. This vulnerability allows attackers to execute arbitrary code by uploading a crafted file. **Recommendations** For DedeCMS version 5.7.114, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the /dede/file manage control.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7.114 **Description** The issue allows for the deletion of any file via the "mail file manage.php" script. This can potentially lead to significant data loss or system compromise. There is a mention of a Denial of Service (DoS) vulnerability, which could cause the system to crash. To prevent crashes, it is suggested to locate the affected function, analyze the code, and apply input validation and error handling. **Recommendations** For DedeCMS version 5.7.114, update to a patched version if available. As a temporary workaround, consider restricting access to the "mail file manage.php" script to minimize the risk of exploitation. Apply input validation and error handling to prevent crashes.

**Name of the Vulnerable Software and Affected Versions** POSCMS version 4.6.2 **Description** A Stored Cross-Site Scripting (XSS) issue allows attackers to execute arbitrary code via a crafted payload to "/index.php?c=install&m=index&step=2&is install db=0". This enables attackers to inject malicious scripts into the application, potentially leading to unauthorized actions. **Recommendations** For POSCMS version 4.6.2, as a temporary workaround, consider restricting access to the "/index.php?c=install&m=index&step=2&is install db=0" endpoint until a patch is available. Avoid using this endpoint with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GreenCMS version 2.3 **Description** A stored cross-site scripting (XSS) issue exists in the `/install.php?m=install&c=index&a=step3` endpoint of GreenCMS, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload. **Recommendations** For GreenCMS version 2.3, consider disabling access to the `/install.php?m=install&c=index&a=step3` endpoint until a patch is available. Restrict the use of the `a` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** zzzcms version 2.2.0 **Description** The issue is related to an open redirect vulnerability. **Recommendations** For zzzcms version 2.2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** emlog version 2.1.9 **Description** The issue allows for Arbitrary file deletion via the `admintemplate.php` file. **Recommendations** For emlog version 2.1.9, consider restricting access to the `admintemplate.php` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.