Routing_Love

**Name of the Vulnerable Software and Affected Versions** Sobey Media Convergence System versions 2.0 through 2.1 **Description** A path traversal issue exists in Sobey Media Convergence System versions 2.0 and 2.1. The issue is related to the manipulation of the `File` argument within the `/sobey-mchEditor/watermark/upload` file. This allows for remote exploitation. The exploit has been publicly disclosed. **Recommendations** Versions prior to 2.0 should be used. Versions prior to 2.1 should be used.

**Name of the Vulnerable Software and Affected Versions** Chanjet CRM versions prior to 20251122 **Description** A SQL injection issue exists in Chanjet CRM. The issue is related to the manipulation of the `gblOrgID` parameter within the `/tools/jxf dump table demo.php` file. This manipulation affects an unknown function. The attack can be performed remotely. The exploit is publicly available. **Recommendations** Versions prior to 20251122 should be updated. Restrict access to the `/tools/jxf dump table demo.php` file. Avoid using the `gblOrgID` parameter until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Chanjet TPlus versions prior to 20251121 **Description** A flaw exists in Chanjet TPlus that allows for SQL injection. The issue is related to the manipulation of the `currentAccId` argument within the file '/tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load'. This manipulation occurs through the `/tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController` API endpoint. The attack can be initiated remotely. The exploit has been published. **Recommendations** Update Chanjet TPlus to a version later than 20251121.