Yen Chun Shen

**Name of the Vulnerable Software and Affected Versions** Soar Cloud HRD Human Resource Management System versions prior to 7.3.2025.0408 **Description** A missing authorization issue allows remote attackers to modify system settings without prior authorization. **Recommendations** For versions prior to 7.3.2025.0408, update to a version that includes the necessary authorization checks to prevent unauthorized modification of system settings.

**Name of the Vulnerable Software and Affected Versions** Soar Cloud HRD Human Resource Management System versions prior to 7.3.2025.0408 **Description** The issue allows remote attackers to obtain partial files by specifying arbitrary file paths due to an external control of file name or path vulnerability in the download file function. **Recommendations** For Soar Cloud HRD Human Resource Management System versions prior to 7.3.2025.0408, consider restricting access to the download file function until a patch is available. As a temporary workaround, avoid using the download file function with arbitrary file paths to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Soar Cloud HRD Human Resource Management System versions prior to 7.3.2025.0408 **Description** The issue concerns an unrestricted upload of files with dangerous types in the upload file function, allowing remote attackers to execute arbitrary system commands via a malicious file. **Recommendations** For Soar Cloud HRD Human Resource Management System versions prior to 7.3.2025.0408, consider restricting or disabling the upload file function until a fix is available to prevent the execution of arbitrary system commands.

**Name of the Vulnerable Software and Affected Versions** Soar Cloud HRD Human Resource Management System versions prior to 7.3.2025.0408 **Description** The issue concerns an external control of file name or path vulnerability in the delete file function. This allows remote attackers to delete partial files by specifying arbitrary file paths. **Recommendations** For Soar Cloud HRD Human Resource Management System versions prior to 7.3.2025.0408, consider restricting access to the delete file function until a patch is available. As a temporary workaround, limit the ability to specify arbitrary file paths in the delete file function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Soar Cloud HRD Human Resource Management System versions prior to 7.3.2025.0408 **Description** A deserialization of untrusted data issue in the download file function allows remote attackers to execute arbitrary system commands via a crafted serialized object. **Recommendations** For Soar Cloud HRD Human Resource Management System versions prior to 7.3.2025.0408, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the download file function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Soar Cloud HRD Human Resource Management System versions prior to 7.3.2025.0408 **Description** A missing authentication for critical function vulnerability in the client application allows remote attackers to bypass authentication and access application functions. **Recommendations** For Soar Cloud HRD Human Resource Management System versions prior to 7.3.2025.0408, update to a version that includes the necessary authentication for critical functions to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** Corporate Training Management System versions prior to 10.13 **Description** A vulnerability in the epaper draft function of the Corporate Training Management System allows remote authenticated users to bypass file upload restrictions and execute arbitrary system commands with SYSTEM privilege via a crafted ZIP file. This issue is related to an unrestricted upload of files with dangerous types. **Recommendations** For versions prior to 10.13, update to version 10.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the epaper draft function to minimize the risk of exploitation. Additionally, avoid using the epaper draft function until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Hamastar MeetingHub Paperless Meetings version 2021 Description: A vulnerability in the meeting management function allows remote authenticated users to perform arbitrary system commands via a crafted ASP file. This is due to an unrestricted upload of files with dangerous types. Recommendations: For Hamastar MeetingHub Paperless Meetings version 2021, consider restricting the upload of files to only those with safe extensions to prevent exploitation. As a temporary workaround, restrict access to the meeting management function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Hamastar MeetingHub Paperless Meetings version 2021 Description: A Plaintext Storage of a Password issue in the ebooknote function allows remote attackers to obtain other users' credentials and gain access to the product via an XML file. Recommendations: For Hamastar MeetingHub Paperless Meetings version 2021, consider disabling the ebooknote function until a patch is available to prevent remote attackers from obtaining user credentials. Restrict access to XML files to minimize the risk of exploitation.