A Guest

**Name of the Vulnerable Software and Affected Versions** TP-Link TL-WA855RE V5 20200415-rel37464 **Description** The issue allows an unauthenticated attacker on the same network to submit a TDDP RESET POST request for a factory reset and reboot. After the reset, the attacker can obtain incorrect access control by setting a new administrative password. **Recommendations** For TP-Link TL-WA855RE V5 20200415-rel37464, as a temporary workaround, consider restricting access to the device's network to minimize the risk of exploitation. Avoid using the device until a patch or fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Artica Integria IMS version 5.0.86 **Description** The issue allows for arbitrary file upload through the filemgr.php script in the wiki operation section. This is achieved by accessing the "index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload" API endpoint. The `action` parameter is set to `upload`, which enables the file upload functionality. **Recommendations** For Artica Integria IMS version 5.0.86, consider disabling the file upload functionality in the wiki operation section until a patch is available. Restrict access to the filemgr.php script to minimize the risk of exploitation. Avoid using the `action` parameter set to `upload` in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Open-School version 3.0 Community Edition version 2.3 **Description** The issue allows SQL Injection via the "index.php?r=students/students/document" endpoint, specifically the `id` parameter. **Recommendations** For Open-School version 3.0, update to a version that fixes this issue. For Community Edition version 2.3, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the "index.php?r=students/students/document" endpoint until a patch is available. Avoid using the `id` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Open-School version 3.0 Community Edition version 2.3 **Description** The issue allows for XSS via the "osv/index.php?r=students/guardians/create" API endpoint, specifically through the `id` parameter. **Recommendations** For Open-School version 3.0, update to a version that fixes this issue. For Community Edition version 2.3, avoid using the `id` parameter in the "osv/index.php?r=students/guardians/create" API endpoint until the issue is resolved.