Beijing Baichuo · Smart S40 Management Platform · CVE-2024-1253
**Name of the Vulnerable Software and Affected Versions**
Beijing Baichuo Smart S40 Management Platform versions up to 20240126
**Description**
A critical issue has been found in the Smart S40 Management Platform. It affects unspecified functionality of the file `/useratte/web.php` in the Import Handler component. Manipulating the `file upload` argument leads to unrestricted upload. The attack may be launched remotely.
**Recommendations**
For versions up to 20240126, as a temporary workaround, consider restricting access to the `/useratte/web.php` file and the `file upload` argument to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this issue.
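To check that the access restriction is actually holding, the following added example (not part of the original advisory and not vendor code) audits web access logs for requests to `/useratte/web.php` that come from outside the management network. The combined log format, the `10.20.0.0/24` admin subnet and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

VULN_PATH = "/useratte/web.php"  # path named in the advisory
# Assumption: the only subnet that should reach the import handler.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Assumption: Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '10.20.0.15 - admin [26/Jan/2024:09:12:01 +0800] "POST /useratte/web.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.44 - - [26/Jan/2024:09:14:37 +0800] "POST /useratte/web.php HTTP/1.1" 200 498 "-" "-"',
    '198.51.100.7 - - [26/Jan/2024:09:15:02 +0800] "POST /useratte/web.php?x=1 HTTP/1.1" 403 153 "-" "-"',
    '203.0.113.44 - - [26/Jan/2024:09:16:10 +0800] "GET /index.php HTTP/1.1" 200 1024 "-" "-"',
]

def hits_import_handler(target):
    """True if the request target resolves to the vulnerable script."""
    # Drop the query string, decode percent-escapes, collapse repeated slashes.
    path = re.sub(r"/+", "/", unquote(target.split("?", 1)[0]))
    return path == VULN_PATH or path.startswith(VULN_PATH + "/")

def from_allowed_net(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparsable client address is treated as untrusted
    return any(ip in net for net in ALLOWED_NETS)

def audit(lines):
    """Return requests to the import handler from outside the allowed nets."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not hits_import_handler(m["target"]):
            continue
        if from_allowed_net(m["ip"]):
            continue
        status = int(m["status"])
        findings.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                         "status": status, "restriction_held": status >= 400})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

A finding with `restriction_held` set to `False` means an outside client received a non-error response from the import handler, so the workaround is not in effect for that path.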