Kk1230

**Nome do Software Vulnerável e Versões Afetadas** TDuckCloud tduck-platform versões até a 4.0 **Descrição** Um problema crítico foi encontrado no TDuckCloud tduck-platform, afetando a função `QueryProThemeRequest` do arquivo `src/main/java/com/tduck/cloud/form/request/QueryProThemeRequest.java`. A manipulação do argumento `color` resulta em injeção de SQL. O ataque pode ser iniciado remotamente. Um exploit foi divulgado publicamente e o fornecedor foi contatado, mas não respondeu. **Recomendações** Para versões até a 4.0, como solução temporária, considere desativar a função `QueryProThemeRequest` até que um patch esteja disponível. Restrinja o acesso ao argumento `color` na função afetada para minimizar o risco de exploração. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Netentsec NS-ASG Application Security Gateway version 6.3 **Description** A critical issue was found in the Netentsec NS-ASG Application Security Gateway, affecting an unknown part of the file /protocol/firewall/addaddress interpret.php. The manipulation of the `messagecontent` argument leads to SQL injection. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond. **Recommendations** For Netentsec NS-ASG Application Security Gateway version 6.3, as a temporary workaround, consider restricting access to the `/protocol/firewall/addaddress interpret.php` file until a patch is available. Avoid using the `messagecontent` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Tongda OA versions prior to 11.10 **Description** A critical vulnerability was found in Tongda OA, affecting the file general/hr/manage/staff reinstatement/delete.php. The manipulation of the `REINSTATEMENT ID` argument leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public. **Recommendations** For versions prior to 11.10, upgrade to version 11.10 to address this issue. As a temporary workaround, consider restricting access to the `delete.php` file in the `general/hr/manage/staff reinstatement` directory until the upgrade is applied. Avoid using the `REINSTATEMENT ID` argument in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** D-Link DAR-7000 up to 20151231 **Description** A critical vulnerability has been found in the D-Link DAR-7000, affecting the processing of the file /log/webmailattach.php. The manipulation of the `table name` argument leads to an unknown weakness. This issue may be exploited remotely, allowing an attacker to execute arbitrary commands. The exploit has been disclosed to the public. The product is end-of-life and should be retired and replaced. **Recommendations** As a temporary workaround, consider disabling access to the /log/webmailattach.php file until the product can be replaced. Restrict access to the `table name` argument to minimize the risk of exploitation. Since the product is no longer supported, the best course of action is to retire and replace it with a supported version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.