Sma11New

#9309of 53,630
29.4Total CVSS
Vulnerabilities · 4
Medium
2
High
1
Critical
1
PT-2023-25038
9.8
2023-06-14
Ujcms · Ujcms · CVE-2023-34865
**Name of the Vulnerable Software and Affected Versions** ujcms version 6.0.2 **Description** The issue allows attackers to perform directory traversal, enabling them to move files using the rename feature. **Recommendations** For ujcms version 6.0.2, consider restricting the rename feature to prevent file movement until a patch is available.
PT-2023-24473
5.4
2023-05-25
Mipjz · Mipjz · CVE-2023-33750
**Name of the Vulnerable Software and Affected Versions** mipjz version 5.0.5 **Description** A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Description` parameter at "/index.php?s=/article/ApiAdminArticle/itemAdd". **Recommendations** For mipjz version 5.0.5, as a temporary workaround, consider restricting access to the "/index.php?s=/article/ApiAdminArticle/itemAdd" endpoint to minimize the risk of exploitation. Avoid using the `Description` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-24474
5.4
2023-05-25
Mipjz · Mipjz · CVE-2023-33751
**Name of the Vulnerable Software and Affected Versions** mipjz version 5.0.5 **Description** A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `name` parameter at "/app/tag/controller/ApiAdminTagCategory.php". **Recommendations** For mipjz version 5.0.5, avoid using the `name` parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "/app/tag/controller/ApiAdminTagCategory.php" endpoint to minimize the risk of exploitation.
PT-2023-21191
8.8
2023-05-23
Unknown · Solarview Compact Sv-Cpt-Mc310 · CVE-2023-27521
**Name of the Vulnerable Software and Affected Versions** SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 SolarView Compact SV-CPT-MC310F versions prior to Ver.8.10 **Description** The issue allows remote authenticated attackers to execute an arbitrary OS command due to an OS command injection vulnerability in the mail setting page. **Recommendations** For SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, update to Ver.8.10 or later. For SolarView Compact SV-CPT-MC310F versions prior to Ver.8.10, update to Ver.8.10 or later.