Rookie1129

**Name of the Vulnerable Software and Affected Versions** Four-Faith Water Conservancy Informatization Platform versions prior to 2.3 **Description** A security issue exists in Four-Faith Water Conservancy Informatization Platform. The issue involves path traversal due to manipulation of the `fileName` argument in the file `/stAlarmConfigure/index.do/../../aloneReport/download.do;otherlogout.do`. This manipulation can be performed remotely. The exploit has been publicly disclosed. **Recommendations** Update to version 2.3 or later.

**Name of the Vulnerable Software and Affected Versions** Jinher OA versions prior to 2.0 **Description** A security flaw exists in Jinher OA. The issue involves xml external entity reference within an unknown function of the file `/c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo&style=1`. Remote exploitation is possible. The exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.