Yanzhou-Felicity

#14707of 53,632
18.3Total CVSS
Vulnerabilities · 4
Medium
4
PT-2023-26720
5.4
2023-08-03
Jeesite · Jeesite · CVE-2023-38991
**Name of the Vulnerable Software and Affected Versions** jeesite version 1.2.6 **Description** An issue in the `delete` function in the `ActModelController` class allows authenticated attackers to arbitrarily delete models created by the Administrator. **Recommendations** For jeesite version 1.2.6, consider disabling the `delete` function in the `ActModelController` class until a patch is available to prevent arbitrary model deletion by authenticated attackers.
PT-2023-26719
4.3
2023-08-01
Jeesite · Jeesite · CVE-2023-38990
**Name of the Vulnerable Software and Affected Versions** jeesite version 1.2.6 **Description** An issue in the `delete` function in the `MenuController` class allows authenticated attackers to arbitrarily delete menus created by the Administrator. **Recommendations** For jeesite version 1.2.6, consider disabling the `delete` function in the `MenuController` class until a patch is available to prevent arbitrary deletion of menus. Restrict access to the `MenuController` class to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
PT-2023-26718
4.3
2023-07-31
Jeesite · Jeesite · CVE-2023-38989
**Name of the Vulnerable Software and Affected Versions** jeesite version 1.2.6 **Description** An issue in the `delete` function in the `UserController` class allows authenticated attackers to arbitrarily delete the Administrator's role information. **Recommendations** For jeesite version 1.2.6, consider disabling the `delete` function in the `UserController` class until a patch is available to prevent arbitrary deletion of the Administrator's role information.
PT-2023-26717
4.3
2023-07-28
Jeesite · Jeesite · CVE-2023-38988
**Name of the Vulnerable Software and Affected Versions** jeesite version 1.2.6 **Description** An issue in the delete function in the OaNotifyController class allows authenticated attackers to arbitrarily delete notifications created by Administrators. **Recommendations** For jeesite version 1.2.6, consider disabling the delete function in the OaNotifyController class until a patch is available. Restrict access to the OaNotifyController class to minimize the risk of exploitation. Avoid using the delete function for notifications created by Administrators until the issue is resolved.