Online Product Reservation System versions up to 1.0 is affected by improper access control (CVSS 6.3).
Improper authorization in the saveUserRole request handler of yeqifu Warehouse allows authenticated remote attackers to gain unauthorized access to user role functionality and modify permissions. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects Java-based Warehouse deployments using the affected commit and earlier versions.
A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/product_export. [CVSS 4.7 MEDIUM]
A vulnerability was determined in CRMEB up to 5.6.1. This vulnerability affects unknown code of the file /adminapi/export/product_list. [CVSS 4.7 MEDIUM]