Vulnplusbot

**Name of the Vulnerable Software and Affected Versions** h2oai h2o-3 versions prior to 7402 **Description** A weakness in the Rapids setproperty Primitive Handler allows remote attackers to perform manipulations that lead to improper access controls and remote code execution. This issue specifically affects the `exec()` function within the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** h2oai h2o-3 versions prior to 7402 **Description** A flaw in the JAR Handler component allows remote attackers to trigger deserialization by manipulating the `importBinaryModel()` function within the `h2o-core/src/main/java/hex/Model.java` file. Deserialization is a process where data is converted from a binary format back into an object, which can be exploited to execute unauthorized code if the input is not properly validated. **Recommendations** Update to a version later than 7402. As a temporary workaround, restrict access to the `importBinaryModel()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** h2oai h2o-3 versions prior to 7402 **Description** A remote information disclosure issue exists within the ImportFile API. The flaw is located in the `importFiles()` function of the `h2o-core/src/main/java/water/persist/PersistNFS.java` file, allowing an attacker to remotely access sensitive information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the `importFiles()` function within the ImportFile API to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Sanluan PublicCMS version 5.202506.d **Description** A business logic error exists in the Trade Payment Flow component within the file `publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeOrderController.java`. This issue affects the functions `TradeOrderController.pay()`, `TradePaymentController.pay()`, and `AccountGatewayComponent.pay()`, allowing for remote exploitation. **Recommendations** As a temporary workaround, consider restricting access to the functions `TradeOrderController.pay()`, `TradePaymentController.pay()`, and `AccountGatewayComponent.pay()` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Z-BlogPHP version 1.7.4.3430 **Description** An improper authorization issue exists in the Comment Approval Handler component. A remote attacker can manipulate the `CheckComment()` function within the 'zb system/function/c system event.php' file to bypass authorization controls. **Recommendations** As a temporary workaround, consider restricting access to the `CheckComment()` function in the 'zb system/function/c system event.php' file until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sanluan PublicCMS version 5.202506.d **Description** A template injection flaw exists in the templateResult API. The `execute()` function within the file `publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java` fails to properly neutralize special elements used in a template engine when processing the `templateContent` argument. This allows a remote attacker to manipulate the template engine. **Recommendations** As a temporary workaround, restrict access to the `execute()` function in the templateResult API to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sanluan PublicCMS version 5.202506.d **Description** A missing authentication issue exists in the Trade Address Query Handler component. A remote attacker can manipulate the `userId`/`id` arguments within the `execute()` function of the file `publiccms-trade/src/main/java/com/publiccms/views/directive/trade/TradeAddressListDirective.java` to bypass authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sanluan PublicCMS version 5.202506.d **Description** A remote attack is possible due to the use of a hard-coded cryptographic key. The issue exists within the `getSignKey()` function located in the `publiccms-core/src/main/java/com/publiccms/logic/component/config/SafeConfigComponent.java` file, specifically when manipulating the `privatefile key` argument. **Recommendations** As a temporary workaround, consider restricting the use of the `getSignKey()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** kalcaddle Kodbox versions prior to 1.65 **Description** Command injection is possible via remote attack in the fileThumb Plugin. The issue exists within the `parseVideoInfo()` function located in the `/workspace/source-code/plugins/fileThumb/lib/VideoResize.class.php` file, where improper manipulation of the `ffmpegBin` argument allows for the execution of arbitrary commands. **Recommendations** Update to a version later than 1.64. As a temporary workaround, restrict access to the fileThumb Plugin or the `parseVideoInfo()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Collabora KodExplorer versions prior to 4.53 **Description** Improper authorization exists in the 'fileUpload' endpoint within the '/app/controller/share.class.php' file. Manipulation of the `fileUpload` argument allows for remote exploitation. **Recommendations** Update to a version newer than 4.52. As a temporary workaround, restrict access to the 'fileUpload' endpoint in the '/app/controller/share.class.php' file.

**Name of the Vulnerable Software and Affected Versions** kodcloud KodExplorer versions prior to 4.53 **Description** A path traversal issue exists in the Public Share Handler component. Remote attackers can manipulate the `path` argument in the `initShareOld()` function located in the `/app/controller/share.class.php` file to access files and directories outside the intended folder. **Recommendations** Update to a version newer than 4.52. As a temporary workaround, restrict access to the `initShareOld()` function in the `/app/controller/share.class.php` file.

**Name of the Vulnerable Software and Affected Versions** kodcloud KodExplorer versions prior to 4.53 **Description** Improper authentication can be triggered remotely via the `fileGet()` function within the '/app/controller/share.class.php' file of the fileGet component. This occurs through the manipulation of the `fileUrl` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** kodcloud KodExplorer versions prior to 4.53 **Description** A flaw in the `initInstall()` function within the '/app/controller/systemMember.class.php' file allows for authorization bypass. This occurs when the `path` argument is manipulated, enabling a remote attacker to bypass security checks. **Recommendations** Update to a version later than 4.52. As a temporary workaround, restrict access to the `initInstall()` function in the '/app/controller/systemMember.class.php' file.

**Name of the Vulnerable Software and Affected Versions** KodExplorer versions prior to 4.53 **Description** A weakness in the `roleGroupAction()` function within the '/app/controller/systemRole.class.php' file allows for remote authorization bypass. This occurs through the manipulation of the `group role` argument. **Recommendations** Update to a version newer than 4.52. As a temporary workaround, restrict access to the `roleGroupAction()` function in the '/app/controller/systemRole.class.php' file.

**Name of the Vulnerable Software and Affected Versions** PHPEMS version 11.0 **Description** An issue exists in the Instant Exam Creation Handler component within the `temppage` function of the '/app/exam/controller/exams.master.php' file. Remote manipulation of the `uploadfile` argument allows for server-side request forgery, a flaw where an attacker can induce the server-side application to make requests to an unintended location. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** osuuu LightPicture versions prior to 1.2.3 **Description** An issue exists in the API Upload Endpoint component involving the processing of the file '/public/install/lp.sql'. Remote manipulation of the `key` argument can lead to the exposure of hard-coded credentials. **Recommendations** Update to a version later than 1.2.2.

Name of the Vulnerable Software and Affected Versions kalcaddle kodbox versions up to 1.64 Description A server-side request forgery condition exists in the shareMake/shareCheck component of kalcaddle kodbox. Manipulation of the `siteFrom` and `siteTo` arguments can trigger the issue. The attack is possible remotely and has a high complexity, with difficult exploitability. The exploit is publicly available. Recommendations Update to a version beyond 1.64.

**Name of the Vulnerable Software and Affected Versions** kalcaddle kodbox version 1.64 **Description** A security flaw exists in kalcaddle kodbox version 1.64 related to improper authentication within the Password-protected Share Handler component. The issue resides in the `can` function of the file `/workspace/source-code/app/controller/explorer/auth.class.php`. A remote attacker with high complexity and difficult exploitability can manipulate the system. The exploit has been publicly released. The vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** kalcaddle kodbox version 1.64 **Description** A flaw exists in the Public Share Handler component of kalcaddle kodbox. Specifically, the `Add` function within the file app/controller/explorer/userShare.class.php allows for unrestricted file uploads. This issue is remotely exploitable and is considered difficult to exploit, but a public exploit is available. The vendor was notified but did not respond. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `Add` function within the file app/controller/explorer/userShare.class.php to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** kalcaddle kodbox version 1.64 **Description** A cross-site request forgery flaw exists in kalcaddle kodbox. The issue is located in the `/workspace/source-code/plugins/oauth/controller/bind/index.class.php` file, specifically within the `loginSubmit` API. Manipulation of the `third` argument can trigger the flaw. Exploitation is considered difficult and requires a high degree of complexity. The exploit has been publicly released. The vendor was contacted regarding this issue but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.