Llixixioo

**Name of the Vulnerable Software and Affected Versions** Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform versions up to 20230928 Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform versions up to 20230928 **Description** A critical issue has been found in the Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform, affecting an unknown functionality of the file /useratte/web.php. The manipulation of the `file upload` argument leads to unrestricted upload. This issue can be exploited remotely. **Recommendations** For Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform versions up to 20230928, consider restricting access to the `/useratte/web.php` file until a patch is available. For Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform versions up to 20230928, avoid using the `file upload` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform versions up to 20230928 **Description** A critical issue affects some unknown functionality of the file /sysmanage/updatelib.php. The manipulation of the `file upload` argument leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For versions up to 20230928, as a temporary workaround, consider disabling the `file upload` argument in the /sysmanage/updatelib.php file until a patch is available. Restrict access to the /sysmanage/updatelib.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 **Description** A critical vulnerability has been found in the Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform. The issue affects an unknown part of the file /Tool/uploadfile.php. The manipulation of the `file upload` argument leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928, as a temporary workaround, consider disabling the file upload functionality in the /Tool/uploadfile.php file until a patch is available. Restrict access to the /Tool/uploadfile.php file to minimize the risk of exploitation. Avoid using the `file upload` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform versions up to 20230928 **Description** A critical vulnerability was found in the Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform. The issue affects the file /useratte/userattestation.php, where the manipulation of the `web img` argument leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted about this disclosure but did not respond. **Recommendations** For versions up to 20230928, as a temporary workaround, consider restricting access to the /useratte/userattestation.php file until a patch is available. Avoid using the `web img` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform versions up to 20230928 Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform versions up to 20230928 **Description** A critical issue has been found in the processing of the file /sysmanage/updatelib.php. The manipulation of the `file upload` argument leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform versions up to 20230928, consider disabling the `file upload` argument in the /sysmanage/updatelib.php file until a patch is available. For Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform versions up to 20230928, restrict access to the /sysmanage/updatelib.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform versions up to 20230928 Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform versions up to 20230928 **Description** A critical issue was found in the software, affecting an unknown function of the file /sysmanage/licence.php. The manipulation of the `file upload` argument leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform versions up to 20230928, consider disabling the `file upload` argument in the /sysmanage/licence.php file as a temporary workaround until a patch is available. For Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform versions up to 20230928, restrict access to the /sysmanage/licence.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Computer and Laptop Store version 1.0 **Description** A critical vulnerability was found in the SourceCodester Online Computer and Laptop Store. The issue affects an unknown functionality of the file products.php. The manipulation of the argument `c` leads to SQL injection. The attack can be launched remotely. **Recommendations** For version 1.0, consider disabling the functionality related to the file products.php until a patch is available. Restrict access to the `c` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Engineers Online Portal version 1.0 **Description** A critical issue affects the processing of the file teacher signup.php, where the manipulation of the `firstname` and `lastname` arguments leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For SourceCodester Engineers Online Portal version 1.0, consider disabling the processing of the `firstname` and `lastname` arguments in the teacher signup.php file as a temporary workaround until a patch is available. Restrict access to the teacher signup.php file to minimize the risk of exploitation. Avoid using the `firstname` and `lastname` arguments in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Engineers Online Portal version 1.0 **Description** A critical vulnerability has been found in the SourceCodester Engineers Online Portal. The issue affects an unknown function of the file upload save student.php, where the manipulation of the `uploaded file` argument leads to unrestricted upload. This allows for remote attacks. **Recommendations** For version 1.0, consider disabling the file upload functionality in upload save student.php until a patch is available to prevent unrestricted file uploads. Restrict access to the upload save student.php file to minimize the risk of exploitation. Avoid using the `uploaded file` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Engineers Online Portal version 1.0 **Description** A critical issue has been found in the processing of the file student avatar.php, allowing for unrestricted upload through the manipulation of the `change` argument. This issue can be exploited remotely. **Recommendations** For SourceCodester Engineers Online Portal version 1.0, consider restricting access to the student avatar.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the `change` argument in the affected file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Engineers Online Portal version 1.0 **Description** A critical issue was found in the login functionality, specifically in the file login.php. The manipulation of the `username` and `password` arguments leads to SQL injection. This issue can be exploited remotely. **Recommendations** For SourceCodester Engineers Online Portal version 1.0, consider disabling the login functionality until a patch is available. Restrict access to the login.php file to minimize the risk of exploitation. Avoid using the `username` and `password` arguments in the affected login functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Engineers Online Portal version 1.0 **Description** A critical issue has been found in the software, affecting an unknown functionality of the file my classmates.php. The manipulation of the `teacher class student id` argument leads to sql injection. The attack can be launched remotely. **Recommendations** For SourceCodester Engineers Online Portal version 1.0, consider disabling the functionality related to the file my classmates.php until a patch is available. Restrict access to the `teacher class student id` argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Engineers Online Portal version 1.0 **Description** A critical issue was found in the file my students.php, where the manipulation of the `id` argument leads to SQL injection. This issue can be exploited remotely. The exploit has been disclosed to the public. **Recommendations** For SourceCodester Engineers Online Portal version 1.0, consider restricting access to the my students.php file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Engineers Online Portal version 1.0 **Description** A critical vulnerability was found in the SourceCodester Engineers Online Portal, affecting unknown code in the file seed message student.php. The manipulation of the `teacher id` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** For SourceCodester Engineers Online Portal version 1.0, consider restricting access to the seed message student.php file until a patch is available. As a temporary workaround, avoid using the `teacher id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Engineers Online Portal version 1.0 **Description** A critical issue has been found in the file remove inbox message.php, where the manipulation of the `id` argument leads to SQL injection. This can be initiated remotely. The issue has been publicly disclosed and may be exploited. **Recommendations** For SourceCodester Engineers Online Portal version 1.0, consider disabling the `remove inbox message.php` file or restricting access to it until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Engineers Online Portal version 1.0 **Description** A critical vulnerability was found in the SourceCodester Engineers Online Portal, affecting the file downloadable student.php. The manipulation of the `id` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** For version 1.0, consider restricting access to the downloadable student.php file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DAR-7000 version up to 20151231 D-Link DAR-8000 (affected versions not specified) **Description** A critical vulnerability has been found in the `sysmanage/licence.php` component of D-Link DAR-7000 and DAR-8000, related to the lack of restrictions on file uploads. The manipulation of the `file upload` argument leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For D-Link DAR-7000 version up to 20151231: As the product is end-of-life, it should be retired and replaced. For D-Link DAR-8000: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the `/sysmanage/licence.php` file to minimize the risk of exploitation. Restrict access to the `file upload` argument in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** D-Link DAR-8000 versions up to 20151231 **Description** The issue is related to an unrestricted file upload vulnerability in the /sysmanage/changelogo.php file of the D-Link DAR-8000 router's firmware. This vulnerability can be exploited remotely, allowing an attacker to execute arbitrary commands. The manipulation of the `file upload` argument leads to this unrestricted upload. The product is end-of-life and should be retired and replaced. **Recommendations** For D-Link DAR-8000 versions up to 20151231, the recommended course of action is to retire and replace the product, as it is no longer supported by the maintainer. As a temporary workaround, consider restricting access to the /sysmanage/changelogo.php file to minimize the risk of exploitation. Avoid using the `file upload` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DAR-7000 versions up to 20151231 D-Link DAR-8000 versions up to 20151231 **Description** The issue is related to an unrestricted file upload vulnerability in the /sysmanage/updatelib.php file of the D-Link DAR-7000 and DAR-8000 router software. This vulnerability can be exploited remotely, allowing an attacker to execute arbitrary commands. The manipulation of the `file upload` argument leads to this unrestricted upload. The attack may be launched remotely. **Recommendations** For D-Link DAR-7000 versions up to 20151231: As the product is end-of-life, it is recommended to retire and replace it. For D-Link DAR-8000 versions up to 20151231: As the product is end-of-life, it is recommended to retire and replace it. As a temporary workaround, consider restricting access to the /sysmanage/updatelib.php file to minimize the risk of exploitation. Avoid using the `file upload` argument in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** D-Link DAR-7000 and DAR-8000 up to 20151231 **Description** A critical vulnerability affects the file /Tool/uploadfile.php, allowing unrestricted upload through the manipulation of the `file upload` argument. This can be initiated remotely, potentially enabling an attacker to execute arbitrary commands. The exploit has been disclosed publicly. **Recommendations** For D-Link DAR-7000 and DAR-8000 up to 20151231, it is recommended to retire and replace these products as they are end-of-life and no longer supported by the maintainer. As a temporary workaround, consider restricting access to the /Tool/uploadfile.php file to minimize the risk of exploitation. Avoid using the `file upload` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.