Sh7Err

**Name of the Vulnerable Software and Affected Versions** Dreampie Resty versions up to 1.3.1.SNAPSHOT **Description** A security issue exists in Dreampie Resty. Manipulation of the `filename` argument within the `Request` function, located in the file `/resty-httpclient/src/main/java/cn/dreampie/client/HttpClient.java` of the HttpClient Module, can lead to a path traversal condition. This issue is considered highly complex to exploit, but the exploit has been publicly disclosed. The vendor was notified but did not respond. **Recommendations** Versions prior to 1.3.1.SNAPSHOT should be used. As a temporary workaround, consider restricting access to the `Request` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WeiYe-Jing datax-web versions up to 2.1.2 **Description** A flaw exists in the Job Handler component of WeiYe-Jing datax-web, specifically within the `remove`, `update`, `pause`, `start`, and `triggerJob` functions. This issue results in improper access controls, potentially allowing for remote exploitation. The exploit is publicly available. **Recommendations** Versions prior to 2.1.2 should be updated. As a temporary workaround, consider disabling the `remove`, `update`, `pause`, `start`, and `triggerJob` functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WeiYe-Jing datax-web versions up to 2.1.2 **Description** A flaw exists in WeiYe-Jing datax-web that can lead to SQL injection. The issue is present in an unknown function and may be exploited remotely by executing manipulation. The exploit has been published. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** pojoin h3blog version 1.0 **Description** A flaw exists in pojoin h3blog version 1.0 where manipulation of the `Name` argument in an unknown function within the file '/admin/cms/material/add' can lead to cross site scripting. This issue is potentially exploitable remotely. The exploit has been publicly disclosed. **Recommendations** Apply any available updates to address this issue. As a temporary workaround, consider restricting access to the '/admin/cms/material/add' file.