S0L42

**Name of the Vulnerable Software and Affected Versions** UEditor versions up to 1.4.3.2 **Description** A cross site scripting issue exists in UEditor due to manipulation of the `callback` argument in the JSONP Callback Handler. The issue affects the processing of the file ''php/controller.php?action=uploadimage''. The attack can be initiated remotely and the exploit has been publicly disclosed. The vendor was contacted but did not respond. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** Versions prior to 1.4.3.2 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: neurobin shc versions through 4.0.3 Description: A security flaw has been discovered in neurobin shc up to version 4.0.3. The `make` function within the `src/shc.c` file of the Environment Variable Handler component is affected. Manipulation of this function results in operating system command injection. The attack is only possible with local access. The exploit has been released publicly and may be exploited. Recommendations: For versions through 4.0.3, consider disabling or restricting the use of the `make` function within the Environment Variable Handler component as a temporary workaround until a patch is available.

Name of the Vulnerable Software and Affected Versions: neurobin shc versions up to 4.0.3 Description: A vulnerability was identified in the `make` function of the `src/shc.c` file, leading to a stack-based buffer overflow. The attack can only be performed locally. The exploit is publicly available and may be used. Recommendations: neurobin shc versions prior to 4.0.4: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: neurobin shc versions prior to 4.0.4 Description: A vulnerability exists in neurobin shc up to version 4.0.3. This issue affects the `make` function within the `src/shc.c` file of the Filename Handler component. Manipulation of this function can lead to OS command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Recommendations: Update neurobin shc to version 4.0.4 or later.

Name of the Vulnerable Software and Affected Versions: SourceCodester Student Result Management System version 1.0 Description: A critical issue has been found in the Image File Handler component of the affected system, specifically in the file /admin/core/update student.php. The manipulation of the `old photo` argument leads to path traversal. This issue can be exploited remotely. Recommendations: For SourceCodester Student Result Management System version 1.0, as a temporary workaround, consider restricting access to the /admin/core/update student.php file until a patch is available. Avoid using the `old photo` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester Student Result Management System version 1.0 Description: A critical issue has been identified, affecting the `unlink` function of the `update system.php` file in the Logo File Handler component. The manipulation of the `old logo` argument leads to path traversal. This issue can be exploited remotely. Recommendations: For SourceCodester Student Result Management System version 1.0, consider disabling the `unlink` function in the `update system.php` file until a patch is available. Restrict access to the Logo File Handler component to minimize the risk of exploitation. Avoid using the `old logo` argument in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** RuoYi-Vue versions up to 3.8.9 **Description** A problem was found in the Password Handler component, affecting some unknown functionality of the files ruoyi-ui/jsencrypt.js and ruoyi-ui/login.vue. This issue leads to cleartext storage of sensitive information in a cookie. The attack can be launched remotely, and the complexity of the attack is rather high. The exploitation is known to be difficult. **Recommendations** For versions up to 3.8.9, consider disabling the functionality related to the files ruoyi-ui/jsencrypt.js and ruoyi-ui/login.vue of the Password Handler component as a temporary workaround until a patch is available. Restrict access to sensitive information stored in cookies to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** kkFileView version 4.4.0 **Description** A critical issue affects an unknown part of the file /fileUpload. The manipulation of the `File` argument leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For kkFileView version 4.4.0, as a temporary workaround, consider disabling the file upload functionality until a patch is available. Restrict access to the /fileUpload endpoint to minimize the risk of exploitation. Avoid using the `File` argument in the affected file upload functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** markparticle WebServer version 1.0 **Description** A critical issue was found in the Registration component of markparticle WebServer, affecting an unknown functionality of the file code/http/httprequest.cpp. The manipulation of the `username`/`password` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For markparticle WebServer version 1.0, as a temporary workaround, consider restricting access to the Registration component until a patch is available. Avoid using the `username` and `password` parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** markparticle WebServer version 1.0 **Description** A critical vulnerability was found in the markparticle WebServer, affecting the function `Buffer::HasWritten` of the file code/buffer/buffer.cpp. The manipulation of the argument `writePos ` leads to a buffer overflow. This issue can be exploited remotely, and the exploit has been disclosed to the public. The attack may be launched remotely. **Recommendations** As a temporary workaround, consider disabling the `Buffer::HasWritten` function until a patch is available. Restrict access to the vulnerable module `code/buffer/buffer.cpp` to minimize the risk of exploitation. Avoid using the argument `writePos ` in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** markparticle WebServer versions up to 1.0 **Description** A critical vulnerability has been found in the markparticle WebServer, affecting an unknown part of the file code/http/httprequest.cpp of the component Login. The manipulation of the `username`/`password` argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For markparticle WebServer versions up to 1.0, consider disabling the Login component until a patch is available. Restrict access to the vulnerable code/http/httprequest.cpp file to minimize the risk of exploitation. Avoid using the `username` and `password` arguments in the affected Login component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Lenve VBlog versions up to 1.0.0 Description: A critical issue was found, affecting the `configure` function of the `WebSecurityConfig.java` file. This leads to improper access controls, allowing remote attacks. The issue has been publicly disclosed and may be exploited. Recommendations: For versions up to 1.0.0, as a temporary workaround, consider restricting access to the `configure` function of the `WebSecurityConfig.java` file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** qinguoyi TinyWebServer version 1.0 **Description** A vulnerability has been found in qinguoyi TinyWebServer, classified as critical. This issue affects unknown code of the file http/http conn.cpp. The manipulation of the argument `m url real` leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For qinguoyi TinyWebServer version 1.0, as a temporary workaround, consider restricting access to the `http/http conn.cpp` file until a patch is available. Avoid using the `m url real` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** qinguoyi TinyWebServer version 1.0 **Description** A critical issue was found in the software, affecting the file /http/http conn.cpp. The manipulation of the `name` and `password` arguments leads to sql injection. This issue can be exploited remotely. **Recommendations** For qinguoyi TinyWebServer version 1.0, as a temporary workaround, consider restricting access to the `/http/http conn.cpp` file until a patch is available. Avoid using the `name` and `password` arguments in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** qinguoyi TinyWebServer version 1.0 **Description** A critical issue has been found in the software, affecting some unknown functionality of the file /http/http conn.cpp. The manipulation of the `name` and `password` arguments leads to a stack-based buffer overflow. This issue can be exploited remotely. **Recommendations** For qinguoyi TinyWebServer version 1.0, as a temporary workaround, consider restricting access to the /http/http conn.cpp file until a patch is available. Avoid using the `name` and `password` arguments in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** mannaandpoem OpenManus versions up to 2025.3.13 **Description** A problematic issue was found in the File Handler component, specifically affecting the `execute` function of the file `app/tool/file saver.py`. This leads to improper access controls. Local access is required for an attack. The issue has been publicly disclosed and may be exploited. **Recommendations** For mannaandpoem OpenManus versions up to 2025.3.13, as a temporary workaround, consider restricting access to the `execute` function of the `app/tool/file saver.py` file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** mannaandpoem OpenManus versions up to 2025.3.13 **Description** A critical issue has been discovered, affecting the Prompt Handler component, specifically the file app/tool/python execute.py. This issue leads to os command injection and can be initiated remotely. The exploit has been publicly disclosed. **Recommendations** For mannaandpoem OpenManus versions up to 2025.3.13, as a temporary workaround, consider restricting access to the `python execute.py` file until a patch is available. Avoid using the `python execute.py` functionality in the Prompt Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** lenve VBlog versions up to 1.0.0 **Description** A problematic issue was found in the `addNewArticle` function of the `ArticleService.java` file. The manipulation of the `mdContent` and `htmlContent` arguments leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For versions up to 1.0.0, consider disabling the `addNewArticle` function until a patch is available. Restrict access to the `ArticleService.java` file to minimize the risk of exploitation. Avoid using the `mdContent` and `htmlContent` arguments in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** lenve VBlog versions up to 1.0.0 **Description** A critical vulnerability has been found in the `uploadImg` function of the `ArticleController.java` file. The manipulation of the `filename` argument leads to path traversal, allowing for remote attacks. The exploit has been publicly disclosed. **Recommendations** For versions up to 1.0.0, as a temporary workaround, consider disabling the `uploadImg` function until a patch is available. Restrict access to the `uploadImg` function in the `ArticleController.java` file to minimize the risk of exploitation. Avoid using the `filename` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.