Rabbit

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 10.3 Description OpenSSH versions before 10.3 do not confirm connection multiplexing in proxy-mode multiplexing sessions. Recommendations Update to version 10.3 or later.

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 10.3 Description OpenSSH versions before 10.3 may allow command execution through shell metacharacters present in a username specified within a command line. This requires an untrusted username on the command line and a non-default configuration of '%' in the ssh config file. Recommendations Update to OpenSSH version 10.3 or later.

**Name of the Vulnerable Software and Affected Versions** OpenSSH versions prior to 10.3 **Description** OpenSSH mishandles the `authorized keys` principals option in scenarios involving a principals list and a Certificate Authority (CA) that uses comma characters. A parsing error occurs where a comma in an SSH certificate principal name is incorrectly interpreted as a list separator rather than part of a string. This allows a user with a valid certificate from a trusted CA to bypass access controls and authenticate as root, effectively escalating low-privilege credentials to root access. The issue is caused by a code reuse error where the function handling the matching of cipher and key lists splits strings by commas and grants authentication if any fragment matches a subject value. Because the server perceives the authentication as legitimate, the attack does not trigger authentication failures in logs, making detection unreliable. **Recommendations** Update to version 10.3 or later.

**Name of the Vulnerable Software and Affected Versions** ywoa versions up to 2024.07.03 **Description** A critical issue has been found that affects the function `selectNoticeList` of the file `com/cloudweb/oa/mapper/xml/OaNoticeMapper.xml`. The manipulation of the argument `sort` leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For versions up to 2024.07.03, upgrade to version 2024.07.04 to address this issue. As a temporary workaround, consider restricting access to the `selectNoticeList` function until the update is applied. Avoid using the `sort` argument in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ywoa versions prior to 2024.07.04 **Description** A critical vulnerability was found in ywoa, affecting the `listNameBySql` function of the file `com/cloudweb/oa/mapper/xml/UserMapper.xml`. This vulnerability leads to SQL injection and can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For versions prior to 2024.07.04, upgrade to version 2024.07.04 to address this issue. As a temporary workaround, consider restricting access to the `listNameBySql` function of the `UserMapper.xml` file until the update is applied.

**Name of the Vulnerable Software and Affected Versions** ywoa versions 2024.07.03 and earlier **Description** A problematic issue has been found in the function `extract` of the file `c-main/src/main/java/com/redmoon/weixin/aes/XMLParse.java` of the component `WXCallBack Interface`. The manipulation leads to an xml external entity reference. The attack may be initiated remotely. **Recommendations** For ywoa versions 2024.07.03 and earlier, upgrade to version 2024.07.04 to address this issue. As a temporary workaround, consider disabling the `extract` function of the `WXCallBack Interface` component until the update is applied. Restrict access to the `XMLParse.java` file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: ywoa versions up to 2024.07.03 Description: A critical issue affects the function `selectList` of the file `com/cloudweb/oa/mapper/xml/AddressDao.xml`, leading to SQL injection. The attack may be initiated remotely. Recommendations: Upgrading to version 2024.07.04 is able to address this issue. It is recommended to upgrade the affected component. As a temporary workaround, consider disabling the `selectList` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ywoa versions up to 2024.07.03 **Description** A critical issue has been identified, affecting unknown code in the /oa/setup/setup.jsp file. This leads to improper authorization and can be exploited remotely. The issue has been publicly disclosed. **Recommendations** For versions up to 2024.07.03, upgrade to version 2024.07.04 to address this issue. As a temporary workaround, consider restricting access to the /oa/setup/setup.jsp file until the update is applied.

**Name of the Vulnerable Software and Affected Versions** JFinalOA versions prior to 2025.01.01 **Description** A cross-site scripting (XSS) issue in the "/apply/getEditPage?view" interface allows attackers to execute arbitrary web scripts or HTML via a crafted payload. This enables the execution of malicious code on the victim's browser, potentially leading to unauthorized actions or data theft. **Recommendations** For versions prior to 2025.01.01, update to version 2025.01.01 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/apply/getEditPage?view" interface until a patch is applied. Avoid using this interface with untrusted input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** JFinalOA versions prior to 2025.01.01 **Description** A cross-site scripting (XSS) issue in the `openSelectManyUserPage?orgid` interface of JFinalOA allows attackers to execute arbitrary web scripts or HTML via a crafted payload. This enables the execution of malicious scripts, potentially leading to unauthorized actions on the affected system. **Recommendations** For versions prior to 2025.01.01, update to version 2025.01.01 or later to resolve the issue. As a temporary workaround, consider restricting access to the `openSelectManyUserPage?orgid` interface until a patch is applied. Avoid using the interface with untrusted input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** JFinalOA versions prior to 2025.01.01 **Description** A cross-site scripting (XSS) issue in the "getBusinessUploadListPage?busid" interface allows attackers to execute arbitrary web scripts or HTML via a crafted payload. This enables the execution of malicious code on the victim's browser, potentially leading to unauthorized actions or data theft. **Recommendations** For versions prior to 2025.01.01, update to version 2025.01.01 or later to resolve the issue. As a temporary workaround, consider restricting access to the "getBusinessUploadListPage?busid" interface until a patch is applied. Avoid using this interface with untrusted input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MSFM versions prior to 2025.01.01 **Description** The issue is related to a SQL injection vulnerability. It occurs via the `s name` parameter at the "table/list" endpoint. This allows for potential exploitation. **Recommendations** For MSFM versions prior to 2025.01.01, as a temporary workaround, consider restricting access to the `s name` parameter in the "table/list" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MSFM versions prior to 2025.01.01 **Description** A fastjson deserialization issue was discovered in the component system/table/addField. This issue affects MSFM and can be exploited via the `system/table/addField` component. **Recommendations** For MSFM versions prior to 2025.01.01, as a temporary workaround, consider disabling the `system/table/addField` component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MSFM versions prior to 2025.01.01 **Description** A fastjson deserialization issue was found in the component system/table/add. This issue affects MSFM and can be exploited via the system/table/add component. **Recommendations** For versions prior to 2025.01.01, as a temporary workaround, consider restricting access to the system/table/add component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JeeWMS versions prior to 2025.01.01 **Description** The issue is related to a permission bypass in the component /interceptors/AuthInterceptor.cava. This component is part of the JeeWMS system, and the bypass could potentially allow unauthorized access. **Recommendations** For versions prior to 2025.01.01, update to version 2025.01.01 or later to resolve the issue. As a temporary workaround, consider restricting access to the /interceptors/AuthInterceptor.cava component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** JeeWMS versions prior to 2025.01.01 **Description** The issue is related to an arbitrary file upload vulnerability in the `parserXML()` method. This allows attackers to execute arbitrary code via uploading a crafted file. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions prior to 2025.01.01, as a temporary workaround, consider disabling the `parserXML()` method until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Guangzhou Huayi Intelligent Technology Jeewms versions up to 20241229 **Description** A critical SQL injection vulnerability was found in the function `datagridGraph` of the file `/graphReportController.do`. The manipulation of the argument `store code` leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Guangzhou Huayi Intelligent Technology Jeewms versions up to 20241229, upgrade to version 20250101 to address this issue. As a temporary workaround, consider restricting access to the `/graphReportController.do` file or disabling the `datagridGraph` function until the upgrade is applied. Avoid using the `store code` argument in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Guangzhou Huayi Intelligent Technology Jeewms versions up to 20241229 **Description** A critical issue was found in the software, affecting the file /wmOmNoticeHController.do, which allows for path traversal using '../filedir'. This can be exploited remotely. The issue has been publicly disclosed and may be used for attacks. **Recommendations** For versions up to 20241229, upgrade to version 20250101 to address this issue. As a temporary workaround, consider restricting access to the /wmOmNoticeHController.do file until the upgrade is applied.

The vulnerable software is Guangzhou Huayi Intelligent Technology Jeewms, specifically versions up to 20241229. The vulnerability is a critical SQL injection issue that affects the function saveOrUpdate of the file org/jeecgframework/web/cgform/controller/build/CgFormBuildController.java. This vulnerability can be exploited remotely, and a public exploit has been disclosed, making it possible for attackers to use it. To address this issue, it is recommended to upgrade to version 20250101. The vulnerability has been assigned the CVE identifier CVE-2025-0391. #GuangzhouHuayiIntelligentTechnology #Jeewms #SQLInjection #CVE20250391 #RemoteExploitation #PublicExploit #UpgradeRecommended #CyberSecurity #VulnerabilityDisclosure

**Name of the Vulnerable Software and Affected Versions** FastAdmin versions prior to 1.3.4.20220530 **Description** A problematic issue exists in FastAdmin related to improper path restriction within the `/index/ajax/lang` component. This allows for path traversal, potentially enabling remote attackers to access sensitive information. The issue affects an unknown functionality within the `/index/ajax/lang` file, where manipulation of the `lang` parameter can lead to unauthorized data access. Reports indicate that approximately 14,000 instances may be affected yearly. Exploitation of this issue has been publicly disclosed and is being actively used to retrieve database details. The **API endpoint** `/index/ajax/lang` is involved, and the `lang` parameter is a **vulnerable parameter**. **Recommendations** Upgrade to FastAdmin version 1.3.4.20220530 or later.