Sh7Err05

**Name of the Vulnerable Software and Affected Versions** Yohann0617 oci-helper versions through 3.2.4 **Description** A path traversal weakness exists in Yohann0617 oci-helper up to version 3.2.4. The issue is located within the `addCfg` function of the OCI Configuration Upload component, specifically in the file `src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java`. Manipulation of the `File` argument can lead to path traversal, allowing for remote exploitation. The exploit is publicly available. The vendor was notified but did not respond. **Recommendations** Versions prior to 3.2.4 should be updated. As a temporary workaround, restrict access to the `addCfg` function until a patch is available. Avoid using the `File` parameter in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** moxi159753 Mogu Blog v2 versions up to 5.2 **Description** A security issue exists in moxi159753 Mogu Blog v2. The `FileOperation.unzip` function within the ZIP File Handler component, located in the `/networkDisk/unzipFile` file, is susceptible to path traversal due to manipulation of the `fileUrl` argument. This allows for remote attacks. The exploit for this issue has been publicly disclosed. The vendor was informed of this disclosure but did not provide a response. **Recommendations** Versions up to 5.2: Address the path traversal issue in the `FileOperation.unzip` function by validating the `fileUrl` argument to prevent manipulation. As a temporary workaround, restrict access to the `/networkDisk/unzipFile` file.