Bozaihuang

**Name of the Vulnerable Software and Affected Versions** itsourcecode University Management System version 1.0 **Description** A flaw has been identified in itsourcecode University Management System version 1.0. The issue resides in unknown code within the `/admin single student.php` file. Manipulation of the `ID` argument can lead to SQL injection. The attack can be carried out remotely, and an exploit has been published. The API endpoint involved is `/admin single student.php`. The vulnerable parameter is `ID`. **Recommendations** For itsourcecode University Management System version 1.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Totolink N300RH versions 6.1.1353 B20190305 **Description** A flaw exists in the CGI Handler component of Totolink N300RH, specifically within the `setWiFiWpsConfig` function of the `/cgi-bin/cstecgi.cgi` file. This allows for operating system command injection through manipulation. The issue is remotely exploitable and details of the exploit have been publicly released. **Recommendations** Apply updates to address the vulnerability in the CGI Handler component. As a temporary workaround, restrict access to the `/cgi-bin/cstecgi.cgi` file. Consider disabling the WPS functionality until a patch is available.