Zzctd

**Name of the Vulnerable Software and Affected Versions** YiFang CMS version 2.0.5 **Description** A security issue exists in YiFang CMS 2.0.5 related to cross site scripting. The issue is located in the `update` function of the file `app/db/admin/D friendLink.php`. Manipulation of the `linkName` argument can lead to exploitation. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** YiFang CMS version 2.0.5 **Description** A cross-site scripting issue exists in YiFang CMS version 2.0.5. The flaw is located in the `update` function of the file `app/db/admin/D singlePageGroup.php`. Manipulation of the `Name` argument can allow for the execution of malicious scripts. The issue is potentially exploitable remotely. The exploit has been published. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** YiFang CMS version 2.0.5 **Description** A cross site scripting issue exists in YiFang CMS version 2.0.5 due to manipulation of the `Title` argument within the `update` function of the file `app/db/admin/D singlePage.php`. This allows for remote attacks. The exploit is publicly available. The vendor was notified but did not respond. **Recommendations** Apply a fix to the `update` function of the file `app/db/admin/D singlePage.php` to properly sanitize the `Title` argument.

**Name of the Vulnerable Software and Affected Versions** YiFang CMS versions up to 2.0.5 **Description** A weakness exists in YiFang CMS that allows for cross site scripting. This issue affects the `update` function of the file `app/db/admin/D adManage.php` within the Extended Management Module. Manipulation of the `Name` argument can be exploited remotely. The exploit is publicly available. **Recommendations** Versions prior to 2.0.5 should be updated. As a temporary workaround, consider restricting access to the `update` function within the `D adManage.php` file of the Extended Management Module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** YiFang CMS versions up to 2.0.5 **Description** A security flaw exists in YiFang CMS up to version 2.0.5. The issue is related to the `update` function within the file `app/db/admin/D adPosition.php` of the Extended Management Module. Manipulation of the `name`/index argument can lead to cross-site scripting. This attack is possible remotely, and the exploit has been publicly released. **Recommendations** Versions prior to 2.0.5 are vulnerable. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** YiFang CMS versions up to 2.0.5 **Description** A security issue exists in YiFang CMS that allows for cross-site scripting. The issue is located in the `update` function of the file `app/db/admin/D friendLinkGroup.php` within the Extended Management Module. Manipulation of the `Name` argument can trigger the issue, and the attack can be initiated remotely. The exploit has been publicly disclosed. **Recommendations** Versions prior to 2.0.5 are vulnerable. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DedeBIZ versions up to 6.3.2 **Description** A security issue exists in DedeBIZ that allows for SQL injection. The issue is located in the file `/admin/archives add.php`. Manipulation of the `flags[]` argument can lead to successful exploitation. The attack can be carried out remotely. The exploit for this issue has been publicly disclosed. **Recommendations** Versions prior to 6.3.2 should be updated. As a temporary workaround, restrict access to the `/admin/archives add.php` file.

**Name of the Vulnerable Software and Affected Versions** DedeBIZ versions up to 6.3.2 **Description** A flaw exists in DedeBIZ that allows for remote SQL injection. The issue is located in the `/admin/freelist main.php` file, within an unknown function. Manipulating the `orderby` argument can trigger the injection. The exploit for this issue has been publicly released. **Recommendations** Versions prior to 6.3.2 should be updated.

**Name of the Vulnerable Software and Affected Versions** DedeBIZ versions up to 6.3.2 **Description** A flaw exists in DedeBIZ that allows for remote SQL injection. This issue is related to the manipulation of the `flags[]` argument within the `/admin/spec add.php` file. The exploit for this issue has been publicly disclosed. **Recommendations** Versions prior to 6.3.2 should be updated. As a temporary workaround, restrict access to the `/admin/spec add.php` file.

**Name of the Vulnerable Software and Affected Versions** DedeBIZ versions prior to 6.3.3 **Description** A flaw exists in DedeBIZ that allows for SQL injection. This issue affects an unknown function within the `/admin/templets one edit.php` file. The `ids` parameter is susceptible to manipulation, potentially enabling remote exploitation. The exploit for this issue has been publicly disclosed. **Recommendations** Update DedeBIZ to version 6.3.3 or later. As a temporary workaround, restrict access to the `/admin/templets one edit.php` file. Avoid using the `ids` parameter in the affected file until the issue is resolved.