Saul1213

**Name of the Vulnerable Software and Affected Versions** SSCMS version 4.7.0 **Description** A path traversal issue exists in SSCMS. The issue is located in an unknown function within the `LayerImageController.Submit.cs` file of the `layerImage` component. Manipulation of the `filePaths` argument in the `layerImage` endpoint can lead to path traversal. The exploit has been publicly disclosed. **API Endpoints** `/layerImage` **Vulnerable Parameters or Variables** `filePaths` **Recommendations** Update to a newer version of SSCMS that addresses this vulnerability. As a temporary workaround, restrict access to the `LayerImageController.Submit.cs` file or the `layerImage` endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SSCMS version 7.4.0 **Description** A security flaw exists in SSCMS 7.4.0, specifically within the DDL Handler component, affecting unknown code in the SitesAddController.Submit.cs file. The issue involves SQL injection resulting from manipulation of the `tableHandWrite` argument. This allows for remote attacks. The exploit has been publicly released. The vendor was contacted but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SSCMS versions through 7.4.0 **Description** A flaw exists in SSCMS that allows for path traversal. This issue is related to the manipulation of the `path` argument within the `PathUtils.RemoveParentPath` function located in the file `/api/admin/plugins/install/actions/download`. Successful exploitation could allow for remote attacks. The exploit for this issue has been publicly disclosed. The vendor was informed of this disclosure but did not provide a response. **Recommendations** Versions prior to 7.4.1 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JeecgBoot versions up to 3.9.1 **Description** A flaw exists within JeecgBoot that allows for SQL injection. This issue is located in the `isExistSqlInjectKeyword` function within the `/jeecg-boot/sys/api/getDictItems` file. Successful exploitation could occur remotely. The details of the exploit have been publicly disclosed. **Recommendations** Update JeecgBoot to a version beyond 3.9.1.

**Name of the Vulnerable Software and Affected Versions** thinkgem JeeSite versions up to 5.15.1 **Description** A flaw exists in thinkgem JeeSite, potentially allowing for xml external entity reference. This issue is related to a function within the file `/com/jeesite/common/shiro/cas/CasOutHandler.java` of the Endpoint component. The attack can be performed remotely and is considered highly complex, with difficult exploitability. The exploit has been published. The vendor was contacted but did not respond. **Recommendations** Versions prior to 5.15.1 should be updated.

**Name of the Vulnerable Software and Affected Versions** thinkgem JeeSite versions up to 5.15.1 **Description** A path traversal issue exists in thinkgem JeeSite, specifically within the Connection Handler component. The issue allows for remote attacks with high complexity, though exploitability is considered difficult. The exploit details have been publicly disclosed. The vendor was informed of the issue but did not respond. **Recommendations** Update thinkgem JeeSite to a version beyond 5.15.1.

**Name of the Vulnerable Software and Affected Versions** Sanluan PublicCMS version 6.202506.d **Description** A weakness exists in Sanluan PublicCMS 6.202506.d, specifically within the `saveMetadata` function of the `TemplateCacheComponent.java` file in the Template Cache Generation component. A manipulation can lead to a path traversal. The attack can be executed remotely. An exploit has been publicly released. The vendor was contacted prior to disclosure but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JeecgBoot version 3.9.0 **Description** A server-side request forgery condition exists in JeecgBoot 3.9.0. This issue is related to the file `/sys/common/uploadImgByHttp`. Manipulation of the `fileUrl` argument can lead to server-side request forgery. The attack can be initiated remotely. The exploit has been publicly released. The vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dromara UJCMS version 101.2 **Description** A path traversal issue exists in Dromara UJCMS version 101.2. This is due to manipulation of the `deleteDirectory` function within the `WebFileTemplateController.delete` file of the Template Handler component. The attack can be performed remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dromara UJCMS version 10.0.2 **Description** A flaw exists in Dromara UJCMS version 10.0.2 within the ImportDataController component. Specifically, the `importChanel` function, located in the file `/api/backend/ext/import-data/import-channel`, is susceptible to injection due to manipulation of the `driverClassName` and `url` arguments. This issue can be exploited remotely. The details of the exploit have been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JeecgBoot versions prior to 3.9.0 **Description** A path traversal weakness exists in JeecgBoot. This issue affects some unknown functionality of the file `/airag/knowledge/doc/edit` within the Retrieval-Augmented Generation Module. Manipulation of the `filePath` argument can lead to path traversal, and the attack can be executed remotely. The exploit has been publicly released. The vendor was contacted but did not respond. **Recommendations** Update JeecgBoot to a version later than 3.9.0.