Wiki

**Name of the Vulnerable Software and Affected Versions** Gosuncn Technology Group Audio-Visual Integrated Management Platform version 1.0 **Description** A critical vulnerability has been found in the Gosuncn Technology Group Audio-Visual Integrated Management Platform, affecting an unknown functionality of the file /sysmgr/user/listByPage. This manipulation leads to information disclosure and can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted about this disclosure but did not respond. **Recommendations** As a temporary workaround, consider restricting access to the /sysmgr/user/listByPage file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SunGrow Logger1000 version 01 A **Description** A problematic issue has been found in the software, affecting some unknown processing. The manipulation leads to weak password requirements. The attack may be initiated remotely. The complexity of an attack is rather high, and the exploitation is known to be difficult. **Recommendations** For SunGrow Logger1000 version 01 A, consider implementing stronger password requirements to mitigate the risk of exploitation. As a temporary workaround, restrict access to sensitive areas of the system until a more permanent solution is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Gosuncn Technology Group Audio-Visual Integrated Management Platform version 4.0 **Description** A problematic issue was found in the Configuration File Handler component, specifically in the /config/config.properties file, leading to information disclosure. This can be exploited remotely. The issue has been publicly disclosed. **Recommendations** For Gosuncn Technology Group Audio-Visual Integrated Management Platform version 4.0, consider restricting access to the /config/config.properties file until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** youyiio BeyongCms version 1.6.0 **Description** A critical vulnerability has been found in youyiio BeyongCms. The issue affects an unknown function of the file /admin/theme/Upload.html of the component Document Management Page. The manipulation of the `File` argument leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For youyiio BeyongCms version 1.6.0, consider disabling the upload functionality in the /admin/theme/Upload.html file until a patch is available. Restrict access to the Document Management Page to minimize the risk of exploitation. Avoid using the `File` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** StarSea99 starsea-mall versions 1.0 through 2.X **Description** A critical issue has been found, affecting the function `updateUserInfo` of the file `/personal/updateInfo` in the component `com.siro.mall.controller.mall.UserController`. The manipulation of the argument `userId` leads to improper access controls. This issue can be exploited remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For StarSea99 starsea-mall versions 1.0 through 2.X, consider disabling the `updateUserInfo` function until a patch is available. Restrict access to the `/personal/updateInfo` endpoint to minimize the risk of exploitation. Avoid using the `userId` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AMTT Hotel Broadband Operation System versions up to 3.0.3.151204 **Description** A critical issue has been found in the AMTT Hotel Broadband Operation System. It affects an unknown function of the file /manager/frontdesk/online status.php. The manipulation of the `AccountID` argument leads to sql injection. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond. **Recommendations** For AMTT Hotel Broadband Operation System versions up to 3.0.3.151204, as a temporary workaround, consider restricting access to the /manager/frontdesk/online status.php file until a patch is available. Avoid using the `AccountID` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** AMTT Hotel Broadband Operation System versions up to 3.0.3.151204 **Description** A vulnerability was found in the processing of the file /language.php, where the manipulation of the arguments `LangID`, `LangName`, and `LangEName` leads to cross-site scripting. The attack may be initiated remotely. The vendor was contacted about this disclosure but did not respond. **Recommendations** For AMTT Hotel Broadband Operation System versions up to 3.0.3.151204, as a temporary workaround, consider restricting access to the /language.php file until a patch is available. Additionally, avoid using the arguments `LangID`, `LangName`, and `LangEName` in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System versions up to 2.0.1 **Description** A critical vulnerability was found in the software, affecting unknown code of the file /interlib/order/BatchOrder?cmdACT=admin order&xsl=adminOrder OrderList.xsl. The manipulation of the `bookrecno` argument leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For versions up to 2.0.1, update to the latest version immediately to mitigate risks. As a temporary workaround, consider restricting access to the `/interlib/order/BatchOrder` endpoint until a patch is available. Avoid using the `bookrecno` argument in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System versions up to 2.0.1 **Description** A critical issue has been found in the Interlib Library Cluster Automation Management System, affecting an unknown part of the file `/interlib/admin/SysLib?cmdACT=inputLIBCODE&mod=batchXSL&xsl=editLIBCODE.xsl&libcodes=&ROWID=`. The manipulation of the `sql` argument leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For versions up to 2.0.1, update to the latest patched version immediately to mitigate risks. As a temporary workaround, consider restricting access to the `/interlib/admin/SysLib` endpoint until a patch is available. Avoid using the `sql` argument in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** open-scratch Teaching 在线教学平台 versions up to 2.7 **Description** A critical issue was found in the URL Handler component, specifically affecting the `/api/sys/ng-alain/getDictItemsByTable/` API endpoint. This issue leads to sql injection and can be initiated remotely. The exploit has been disclosed publicly. **Recommendations** For versions up to 2.7, as a temporary workaround, consider restricting access to the `/api/sys/ng-alain/getDictItemsByTable/` API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LyLme spage version 1.9.5 **Description** A critical issue affects the processing of the file /admin/apply.php. The manipulation of the `id` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** For LyLme spage version 1.9.5, as a temporary workaround, consider restricting access to the /admin/apply.php file until a patch is available. Avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** LyLme spage version 1.9.5 **Description** A critical issue has been found in the code of the file /admin/tag.php, where the manipulation of the `id` argument leads to SQL injection. This issue can be initiated remotely. **Recommendations** For LyLme spage version 1.9.5, as a temporary workaround, consider restricting access to the `/admin/tag.php` file until a patch is available. Avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** LyLme spage version 1.9.5 **Description** A critical issue was found in LyLme spage, affecting an unknown function of the file /admin/sou.php. The manipulation of the `id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For LyLme spage version 1.9.5, as a temporary workaround, consider restricting access to the /admin/sou.php file until a patch is available. Avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** HuankeMao SCRM versions up to 0.0.3 **Description** A critical issue has been found in the Administrator Backend component, specifically in the function `upload domain verification file` of the file `WxkConfig.php`. The manipulation of the argument `domain verification file` leads to unrestricted upload. This issue can be exploited remotely. **Recommendations** For HuankeMao SCRM versions up to 0.0.3, as a temporary workaround, consider disabling the `upload domain verification file` function until a patch is available. Restrict access to the `WxkConfig.php` file to minimize the risk of exploitation. Avoid using the `domain verification file` argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: xiaohe4966 TpMeCMS versions 1.3.3.1 and earlier Description: A problematic issue has been found in xiaohe4966 TpMeCMS, affecting some unknown functionality of the file "/index/ajax/lang". The manipulation of the `lang` argument leads to path traversal. The attack may be launched remotely. Recommendations: For xiaohe4966 TpMeCMS versions 1.3.3.1 and earlier, upgrade to version 1.3.3.2 to address this issue. As a temporary workaround, consider restricting access to the "/index/ajax/lang" file until the upgrade is applied. Avoid manipulating the `lang` argument in the affected file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Yunke Online School System versions up to 3.0.6 Description: A vulnerability was found in the Yunke Online School System, affecting the `downfile` function of the file `application/admin/controller/Appadmin.php`. The manipulation of the `url` argument leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Recommendations: For versions up to 3.0.6, as a temporary workaround, consider disabling the `downfile` function until a patch is available. Restrict access to the `application/admin/controller/Appadmin.php` file to minimize the risk of exploitation. Avoid using the `url` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Shandong Star Measurement and Control Equipment Heating Network Wireless Monitoring System version 5.6.2 Description: A critical issue was found in the system, affecting the `GetDataKindByType` function of the file `/DataSrvs/UCCGSrv.asmx`. This issue leads to sql injection and can be exploited remotely. The exploit has been disclosed to the public. Recommendations: For version 5.6.2, as a temporary workaround, consider disabling the `GetDataKindByType` function until a patch is available. Restrict access to the `/DataSrvs/UCCGSrv.asmx` file to minimize the risk of exploitation. Avoid using parameters that may lead to sql injection in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Yunke Online School System versions up to 1.5.5 Description: A vulnerability was found in the Yunke Online School System, affecting the file `/admin/educloud/videobind.html`. This issue leads to the inclusion of sensitive information in the source code and can be initiated remotely. The complexity of an attack is rather high, and the exploitation appears to be difficult. Recommendations: For versions up to 1.5.5, upgrade to version 1.5.6 to address this issue. As a temporary workaround, consider restricting access to the `/admin/educloud/videobind.html` file until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** FastAdmin versions prior to 1.3.4.20220530 **Description** A problematic issue exists in FastAdmin related to improper path restriction within the `/index/ajax/lang` component. This allows for path traversal, potentially enabling remote attackers to access sensitive information. The issue affects an unknown functionality within the `/index/ajax/lang` file, where manipulation of the `lang` parameter can lead to unauthorized data access. Reports indicate that approximately 14,000 instances may be affected yearly. Exploitation of this issue has been publicly disclosed and is being actively used to retrieve database details. The **API endpoint** `/index/ajax/lang` is involved, and the `lang` parameter is a **vulnerable parameter**. **Recommendations** Upgrade to FastAdmin version 1.3.4.20220530 or later.

**Name of the Vulnerable Software and Affected Versions** Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805 **Description** A vulnerability has been found in the software, classified as problematic, and affects an unknown functionality of the file /report/ParkOutRecord/GetDataList. The manipulation leads to improper access controls. The attack can be launched remotely. **Recommendations** For Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805, as a temporary workaround, consider restricting access to the /report/ParkOutRecord/GetDataList file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.