Yuan Lirong

**Name of the Vulnerable Software and Affected Versions** Wondershare Technology Co.,Ltd Creative Centerr version 1.0.8 **Description** An issue in the software allows a remote attacker to execute arbitrary commands via the wondershareCC setup full10819.exe file. **Recommendations** For version 1.0.8, consider removing or restricting access to the wondershareCC setup full10819.exe file to prevent exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wondershare Repairit version 3.5.4 **Description** An issue in Wondershare Repairit allows a remote attacker to execute arbitrary commands via the repairit setup full5913.exe file. **Recommendations** For version 3.5.4, consider removing or restricting access to the repairit setup full5913.exe file as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wondershare Recoverit version 10.6.3 **Description** An issue in Wondershare Recoverit allows a remote attacker to execute arbitrary commands via the recoverit setup full4134.exe file. **Recommendations** For version 10.6.3, consider removing or restricting access to the recoverit setup full4134.exe file as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wondershare Anireel version 1.5.4 **Description** An issue in Wondershare Anireel allows a remote attacker to execute arbitrary commands via the `anireel setup full9589.exe` file. **Recommendations** For Wondershare Anireel version 1.5.4, consider removing or restricting access to the `anireel setup full9589.exe` file to prevent exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wondershare Dr.Fone version 12.4.9 **Description** An issue in Wondershare Dr.Fone allows a remote attacker to execute arbitrary commands via the drfone setup full3360.exe file. **Recommendations** For version 12.4.9, consider removing or restricting access to the drfone setup full3360.exe file as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wondershare PDFelement version 9.1.1 **Description** An issue in Wondershare PDFelement allows a remote attacker to execute arbitrary commands via the pdfelement-pro setup full5239.exe file. **Recommendations** For Wondershare PDFelement version 9.1.1, consider removing or restricting access to the pdfelement-pro setup full5239.exe file as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wondershare Technology Co.,Ltd PDF Reader version 1.0.1 **Description** An issue in Wondershare Technology Co.,Ltd PDF Reader allows a remote attacker to execute arbitrary commands via the `pdfreader setup full13143.exe` file. **Recommendations** For Wondershare Technology Co.,Ltd PDF Reader version 1.0.1, consider removing or restricting access to the `pdfreader setup full13143.exe` file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wondershare Edraw-max version 12.0.4 **Description** An issue in Wondershare Edraw-max allows a remote attacker to execute arbitrary commands via the edraw-max setup full5371.exe file. **Recommendations** For version 12.0.4, consider removing or restricting access to the edraw-max setup full5371.exe file to prevent exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Edrawmind version 10.0.6 **Description** An issue in Edrawmind allows a remote attacker to execute arbitrary commands via the WindowsCodescs.dll file. **Recommendations** For Edrawmind version 10.0.6, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wondershare Filmora version 12.0.9 **Description** An issue in Wondershare Filmora allows a remote attacker to execute arbitrary commands via the filmora setup full846.exe. **Recommendations** For version 12.0.9, consider removing or restricting access to the filmora setup full846.exe until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wondershare UniConverter version 14.0.0 **Description** An issue in Wondershare UniConverter allows a remote attacker to execute arbitrary commands via the uniconverter14 64bit setup full14204.exe file. **Recommendations** For Wondershare UniConverter version 14.0.0, consider removing or restricting access to the uniconverter14 64bit setup full14204.exe file as a temporary mitigation measure until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wondershare DemoCreator version 6.0.0 **Description** An issue in DemoCreator allows a remote attacker to execute arbitrary commands via the democreator setup full7743.exe file. **Recommendations** For version 6.0.0, consider removing or restricting access to the democreator setup full7743.exe file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wondershare MobileTrans version 4.0.2 **Description** An issue in Wondershare MobileTrans allows a remote attacker to execute arbitrary commands via the mobiletrans setup full5793.exe file. **Recommendations** For version 4.0.2, consider removing or restricting access to the mobiletrans setup full5793.exe file as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG version 8.5.0.17807 **Description** The issue is related to Cross Site Scripting (XSS), which is a type of security vulnerability that can be exploited by attackers to inject malicious scripts into a website or application. **Recommendations** For version 8.5.0.17807, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG version 8.5.0.17807 **Description** The issue is related to a weak password, which can potentially be exploited. There is no information provided about the estimated number of affected devices or real-world incidents. **Recommendations** For version 8.5.0.17807, update the password to a stronger one to mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Feishu version 3.40.3 **Description** An untrusted search path issue was discovered in the software. **Recommendations** For version 3.40.3, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ZZCMS version 2022 **Description** The issue is related to a SQL injection vulnerability. It occurs via the `keyword` parameter at the "/admin/baojia list.php" API endpoint. **Recommendations** For ZZCMS version 2022, avoid using the `keyword` parameter in the "/admin/baojia list.php" API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "/admin/baojia list.php" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZZCMS version 2022 **Description** An absolute path traversal issue allows attackers to obtain sensitive information via a crafted GET request sent to "/one/siteinfo.php". **Recommendations** For ZZCMS version 2022, as a temporary workaround, consider restricting access to the "/one/siteinfo.php" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ZZCMS version 2022 **Description** A full path disclosure issue was discovered in ZZCMS 2022. This issue can be exploited via the "/admin/index.PHP? server" API endpoint. **Recommendations** For ZZCMS version 2022, consider restricting access to the "/admin/index.PHP" endpoint until a fix is available. Avoid using the ` server` variable in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZZCMS version 2022 **Description** The issue is related to a SQL injection vulnerability in the ZZCMS system, specifically in the admin/sendmailto.php component. This vulnerability arises from the lack of protection against SQL query structure manipulation when handling the `tomail` and `groupid` parameters. An attacker can exploit this vulnerability to execute arbitrary SQL code remotely. **Recommendations** For ZZCMS version 2022, as a temporary workaround, consider restricting access to the /admin/sendmailto.php component until a patch is available. Avoid using the `tomail` and `groupid` parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.