Xingyue_Mstir

Name of the Vulnerable Software and Affected Versions: Yonyou YonBIP MA2.7 Description: A vulnerability was found in the function `FileInputStream` of the file `/mobsm/common/userfile`. The manipulation of the argument `path` leads to path traversal. The attack can be launched remotely. Recommendations: For Yonyou YonBIP MA2.7, consider restricting access to the `FileInputStream` function in the `/mobsm/common/userfile` to minimize the risk of exploitation. As a temporary workaround, avoid using the `path` argument in the affected function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ghostxbh uzy-ssm-mall version 1.0.0 Description: A critical vulnerability has been found in ghostxbh uzy-ssm-mall, affecting the function `ForeProductListController` of the file `/mall/product/0/20`. The manipulation of the argument `orderBy` leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Recommendations: For ghostxbh uzy-ssm-mall version 1.0.0, as a temporary workaround, consider restricting access to the `ForeProductListController` function until a patch is available. Avoid using the `orderBy` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ghostxbh uzy-ssm-mall version 1.0.0 Description: A vulnerability was found in the software, classified as problematic. It leads to cross-site request forgery and can be launched remotely. The exploit has been disclosed to the public. Recommendations: For ghostxbh uzy-ssm-mall version 1.0.0, as a temporary workaround, consider implementing measures to prevent cross-site request forgery attacks until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Fannuo Enterprise Content Management System versions 1.1 through 4.0 Description: A critical issue has been found in the Fannuo Enterprise Content Management System, affecting unknown code in the file admin/cms chip.php. The manipulation of the `del` argument leads to SQL injection. This issue can be exploited remotely. The exploit has been disclosed to the public and may be used. Recommendations: For versions 1.1 through 4.0, as a temporary workaround, consider restricting access to the admin/cms chip.php file until a patch is available. Avoid using the `del` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ghostxbh uzy-ssm-mall version 1.0.0 Description: A vulnerability was found in the processing of the file /product, where the manipulation of the `product name` argument leads to cross-site scripting. The attack may be initiated remotely. Recommendations: For ghostxbh uzy-ssm-mall version 1.0.0, as a temporary workaround, consider restricting access to the `/product` endpoint or sanitizing the `product name` argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ghostxbh uzy-ssm-mall version 1.0.0 Description: A critical vulnerability was found in ghostxbh uzy-ssm-mall, affecting an unknown part of the file /mall/user/uploadUserHeadImage. The manipulation of the `File` argument leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Recommendations: For ghostxbh uzy-ssm-mall version 1.0.0, as a temporary workaround, consider disabling the file upload functionality in the /mall/user/uploadUserHeadImage endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the `File` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WuzhiCMS version 4.1 Description: A critical issue was found in the Setting Handler component, specifically in the function Set of the file /index.php?m=attachment&f=index& su=wuzhicms&v=set&submit=1. The manipulation of the `Setting` argument leads to code injection. This issue can be exploited remotely. Recommendations: For WuzhiCMS version 4.1, as a temporary workaround, consider disabling the `Set` function in the Setting Handler component until a patch is available. Restrict access to the /index.php?m=attachment&f=index& su=wuzhicms&v=set&submit=1 endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Lingdang CRM versions up to 8.6.4.3 **Description** A critical issue was found in the software, affecting an unknown functionality of the file /crm/WeiXinApp/marketing/index.php?module=Users&action=getActionList. The manipulation of the `userid` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For versions up to 8.6.4.3, as a temporary workaround, consider restricting access to the /crm/WeiXinApp/marketing/index.php endpoint, specifically the `getActionList` action, to minimize the risk of exploitation. Avoid using the `userid` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Lingdang CRM versions up to 8.6.4.3 **Description** A critical issue has been found in the software, affecting some unknown functionality of the file /crm/wechatSession/index.php?msgid=1&operation=upload. The manipulation of the `file` argument leads to unrestricted upload. This issue can be exploited remotely. **Recommendations** For versions up to 8.6.4.3, as a temporary workaround, consider restricting access to the /crm/wechatSession/index.php file to minimize the risk of exploitation. Avoid using the `file` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Lingdang CRM versions up to 8.6.4.3 **Description** A problematic issue was found in Lingdang CRM, affecting an unknown part of the file /crm/data/pdf.php. The manipulation of the `url` argument with the input ../config.inc.php leads to path traversal. This issue can be initiated remotely. **Recommendations** For versions up to 8.6.4.3, as a temporary workaround, consider restricting access to the /crm/data/pdf.php file until a patch is available. Avoid using the `url` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** YouDianCMS version 7 **Description** A critical issue has been found, affecting the `curl exec` function in the file `/App/Core/Extend/Function/ydLib.php`. The manipulation of the `url` argument leads to server-side request forgery. This issue can be exploited remotely. The vendor was contacted about this issue but did not respond. **Recommendations** For YouDianCMS version 7, as a temporary workaround, consider disabling the `curl exec` function in the `/App/Core/Extend/Function/ydLib.php` file until a patch is available. Restrict access to the `ydLib.php` file to minimize the risk of exploitation. Avoid using the `url` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** YouDianCMS version 7 **Description** A critical issue was found in an unknown function of the file /Public/ckeditor/plugins/multiimage/dialogs/image upload.php. The manipulation of the `files` argument leads to unrestricted upload. It is possible to launch the attack remotely. The issue has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For YouDianCMS version 7, consider disabling the file upload functionality in the `/Public/ckeditor/plugins/multiimage/dialogs/image upload.php` file until a patch is available. Restrict access to this file to minimize the risk of exploitation. Avoid using the `files` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** YouDianCMS version 7 **Description** A problematic issue has been found in the processing of the file "/t.php?action=phpinfo", leading to information disclosure. The attack can be initiated remotely. The vendor was contacted about this disclosure but did not respond. **Recommendations** For YouDianCMS version 7, consider restricting access to the "/t.php?action=phpinfo" file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Xinhu RockOA version 2.6.2 **Description** A critical issue was found in the function `dataAction` of the file `/webmain/task/openapi/openmodhetongAction.php`. The manipulation of the argument `nickName` leads to sql injection. The attack can be initiated remotely. The issue has been publicly disclosed and may be exploited. The vendor was contacted about this disclosure but did not respond. **Recommendations** For Xinhu RockOA version 2.6.2, as a temporary workaround, consider restricting access to the `dataAction` function in the `/webmain/task/openapi/openmodhetongAction.php` file until a patch is available. Avoid using the `nickName` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** F-logic DataCube3 version 1.0 **Description** A critical issue has been found in the HTTP POST Request Handler component, specifically in the file /admin/config time sync.php. The manipulation of the `ntp server` argument leads to os command injection. This issue can be exploited remotely. **Recommendations** For F-logic DataCube3 version 1.0, as a temporary workaround, consider restricting access to the /admin/config time sync.php file until a patch is available. Avoid using the `ntp server` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.