A Guest

**Nome do software vulnerável e versões afetadas** TP-Link TL-WA855RE V5 20200415-rel37464 **Descrição** A vulnerabilidade permite que um invasor não autenticado na mesma rede envie uma solicitação POST TDDP RESET para uma redefinição de fábrica e reinicialização. Após a redefinição, o invasor pode obter controle de acesso indevido ao definir uma nova senha administrativa. **Recomendações** Para o TP-Link TL-WA855RE V5 20200415-rel37464, como solução temporária, considere restringir o acesso à rede do dispositivo para minimizar o risco de exploração. Evite usar o dispositivo até que um patch ou correção esteja disponível. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Artica Integria IMS version 5.0.86 **Description** The issue allows for arbitrary file upload through the filemgr.php script in the wiki operation section. This is achieved by accessing the "index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload" API endpoint. The `action` parameter is set to `upload`, which enables the file upload functionality. **Recommendations** For Artica Integria IMS version 5.0.86, consider disabling the file upload functionality in the wiki operation section until a patch is available. Restrict access to the filemgr.php script to minimize the risk of exploitation. Avoid using the `action` parameter set to `upload` in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Open-School version 3.0 Community Edition version 2.3 **Description** The issue allows SQL Injection via the "index.php?r=students/students/document" endpoint, specifically the `id` parameter. **Recommendations** For Open-School version 3.0, update to a version that fixes this issue. For Community Edition version 2.3, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the "index.php?r=students/students/document" endpoint until a patch is available. Avoid using the `id` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Open-School version 3.0 Community Edition version 2.3 **Description** The issue allows for XSS via the "osv/index.php?r=students/guardians/create" API endpoint, specifically through the `id` parameter. **Recommendations** For Open-School version 3.0, update to a version that fixes this issue. For Community Edition version 2.3, avoid using the `id` parameter in the "osv/index.php?r=students/guardians/create" API endpoint until the issue is resolved.