Xieqiang

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7.106 **Description** A critical issue was found, affecting the `UpDateMemberModCache` function of the file `uploads/dede/config.php`. This issue leads to unrestricted upload and can be exploited remotely. **Recommendations** For DedeCMS version 5.7.106, as a temporary workaround, consider disabling the `UpDateMemberModCache` function until a patch is available. Restrict access to the `uploads/dede/config.php` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBOS version 4.5.5 **Description** A critical issue was found in the htaccess Handler component, allowing for unrestricted upload. This can be initiated remotely. The issue has been publicly disclosed and may be exploited. **Recommendations** For IBOS version 4.5.5, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** RockOA version 2.3.2 **Description** A critical issue was found in the `runAction` function of the file `acloudCosAction.php.SQL`. The manipulation of the `fileid` argument leads to unrestricted upload. It is possible to initiate the attack remotely. **Recommendations** For RockOA version 2.3.2, consider disabling the `runAction` function in the `acloudCosAction.php.SQL` file as a temporary workaround to prevent exploitation. Restrict access to the `fileid` argument to minimize the risk of unrestricted upload. At the moment, there is no information about a newer version that contains a fix for this issue.