Ulisesbocchio · Jasypt-Spring-Boot · CVE-2026-9370
**Name of the Vulnerable Software and Affected Versions**
ulisesbocchio jasypt-spring-boot versions prior to 3.0.6
ulisesbocchio jasypt-spring-boot versions prior to 4.0.5
**Description**
A weakness in the Password Hash Handler component allows the use of a one-way hash with a predictable salt (the CWE-760 pattern): the salt fed into the password-based key derivation is not unique per deployment, so the same password always yields the same derived key. The issue is located in the `getSecretKeySaltGenerator()` method in `jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java`. It is remotely exploitable but rated high attack complexity: an attacker still needs ciphertext produced by the affected configuration and a correct password guess. What the predictable salt removes is the per-target cost, since candidate keys can be derived once and reused against every deployment that relies on the same salt, instead of being recomputed for each one.
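As an added illustration, not code from jasypt-spring-boot or from this advisory, the following Python sketch shows what a predictable key-derivation salt costs an attacker. The library is Java; Python is used here so the comparison can be run anywhere. The parameters (PBKDF2-HMAC-SHA256, 1000 iterations, a 32-byte key, an all-zero 16-byte "default" salt) and the HMAC-over-a-probe stand-in for "does this key authenticate the captured ciphertext" are assumptions, as are the word list and passwords; none of them are taken from the page or the project.

```python
"""Constructed example (not jasypt-spring-boot code): the cost of a predictable
KDF salt.  Parameters below are assumptions standing in for a password-based
key-derivation step; the advisory does not state the real ones.
"""
import hashlib
import hmac
import os

ITERATIONS = 1000                 # assumed
KEY_LEN = 32                      # assumed (AES-256 key size)
PREDICTABLE_SALT = b"\x00" * 16   # assumed fixed default; any constant behaves the same
PROBE = b"known-plaintext"        # constructed stand-in for a captured ciphertext

# Constructed attacker word list and per-deployment passwords.  The last
# password is deliberately absent from the list.
WORDLIST = ["password", "letmein", "welcome1", "Summer2024", "hunter2"]
PASSWORDS = ["hunter2", "letmein", "Summer2024", "7f3c-not-in-any-list"]


def derive_key(password: str, salt: bytes) -> bytes:
    """One-way derivation of an encryption key from a password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS, KEY_LEN)


class Deployment:
    """One application instance.  It exposes its salt (attackers can read a
    predictable default from the source) and a tag an attacker can use to
    verify a guessed key offline, as they would with captured ciphertext."""

    def __init__(self, password: str, salt: bytes):
        self.salt = salt
        self.tag = hmac.new(derive_key(password, salt), PROBE, "sha256").digest()

    def key_matches(self, candidate_key: bytes) -> bool:
        guess = hmac.new(candidate_key, PROBE, "sha256").digest()
        return hmac.compare_digest(guess, self.tag)


def offline_attack(deployments, wordlist):
    """Attacker with captured tags and a word list.  Derived keys are cached
    per (salt, password): with a predictable salt every deployment shares
    the cache, so the expensive PBKDF2 work is paid once and reused.
    Returns (deployments cracked, PBKDF2 invocations performed)."""
    cache = {}
    kdf_calls = 0
    cracked = 0
    for dep in deployments:
        for pw in wordlist:
            if (dep.salt, pw) not in cache:
                cache[(dep.salt, pw)] = derive_key(pw, dep.salt)
                kdf_calls += 1
        if any(dep.key_matches(cache[(dep.salt, pw)]) for pw in wordlist):
            cracked += 1
    return cracked, kdf_calls


def compare():
    """Same passwords under two configurations: a predictable shared salt
    versus a fresh random salt per deployment."""
    predictable = [Deployment(pw, PREDICTABLE_SALT) for pw in PASSWORDS]
    randomised = [Deployment(pw, os.urandom(16)) for pw in PASSWORDS]
    return {
        "predictable": offline_attack(predictable, WORDLIST),
        "random": offline_attack(randomised, WORDLIST),
    }


if __name__ == "__main__":
    for name, (cracked, calls) in compare().items():
        print(f"{name:12s} cracked={cracked}/{len(PASSWORDS)} pbkdf2_calls={calls}")
```

With the predictable salt the attacker derives each candidate key once (five PBKDF2 calls) and reuses it against all four deployments; with per-deployment random salts the same word list costs a full pass per target (twenty calls), and the gap grows linearly with the number of targets. Note what the random salt does not do: the three weak passwords are recovered in both runs. The salt removes amortisation and precomputed tables; only a strong password defeats the guessing itself.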
**Recommendations**
This entry does not name a release that fixes the vulnerability. Note, however, that the affected ranges listed above stop at 3.0.6 and 4.0.5, which suggests those releases carry the fix; confirm this against the project's release notes before relying on it. Until an upgrade is confirmed, avoid the predictable salt: if your `SimpleGCMConfig` setup exposes a secret-key salt or salt generator setting (the getter named above implies one), supply an explicit, randomly generated value or your own generator, and treat values already encrypted under a key derived with the predictable salt as candidates for password rotation and re-encryption.