Besim Altinok

**Name of the Vulnerable Software and Affected Versions** Edimax EW-7438RPn version 1.13 **Description** The Edimax EW-7438RPn version 1.13 contains a flaw that allows disclosure of WiFi network configuration details. An attacker can access the `wlencrypt wiz.asp` file to retrieve sensitive information, including the WiFi network name and the plaintext password stored in device configuration variables. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netis E1+ version 1.2.32533 **Description** An information disclosure issue exists that allows unauthenticated attackers to retrieve WiFi passwords. Attackers can send a GET request to the ''netcore get.cgi'' endpoint to extract sensitive network credentials, including SSID and WiFi passwords, in plain text. The `netcore get.cgi` endpoint is the point of access for this information disclosure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax EW-7438RPn version 1.13 **Description** The Edimax EW-7438RPn version 1.13 contains a cross-site request forgery issue in the MAC filtering configuration interface. An attacker can create malicious web pages to deceive users into adding unauthorized MAC addresses to the device’s filtering rules without their knowledge. The vulnerability allows attackers to manipulate the device's MAC filtering settings. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the MAC filtering feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Booked Scheduler version 2.7.7 **Description** A directory traversal issue exists in the 'manage email templates.php' script. Authenticated administrators can exploit the `tn` parameter to read files outside the intended directory by using directory path traversal techniques, which is a method used to access files and directories that are stored outside the web root folder. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** i-doit Open Source CMDB version 1.14.1 **Description** An issue in the import module allows authenticated attackers to delete arbitrary files from the server filesystem. This is achieved by sending a POST request to the import module and manipulating the `delete import` parameter with a crafted filename. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** webTareas version 2.0.p8 **Description** The administration component 'print layout.php' contains a flaw allowing authenticated attackers to delete arbitrary files on the server. This is achieved by manipulating the `atttmp1` parameter through an unauthenticated file deletion mechanism. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** webERP version 4.15.1 **Description** An unauthenticated file access issue allows remote attackers to download database backup files. Attackers can directly access generated backup files located in the 'companies/weberp/' directory by requesting the `Backup [timestamp].sql.gz` file. **Recommendations** For version 4.15.1, restrict access to the 'companies/weberp/' directory to prevent unauthorized downloads of backup files.

**Name of the Vulnerable Software and Affected Versions** School ERP Pro version 1.0 **Description** School ERP Pro version 1.0 has a flaw that allows attackers to read arbitrary files without needing to log in. This is possible by manipulating the `document` parameter within the 'download.php' file. By providing directory traversal paths, attackers can gain access to sensitive configuration files, potentially revealing system credentials and configuration information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** School ERP Pro version 1.0 **Description** School ERP Pro version 1.0 contains a SQL injection issue in the `es messagesid` parameter. Attackers can manipulate database queries through GET requests by injecting crafted SQL statements. This could allow attackers to extract, modify, or delete database information. The vulnerable parameter is accessible via GET requests. **Recommendations** Apply a fix for School ERP Pro version 1.0 to address the SQL injection issue in the `es messagesid` parameter.

**Name of the Vulnerable Software and Affected Versions** School ERP Pro version 1.0 **Description** School ERP Pro 1.0 has a file upload issue that permits students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts via the message attachment feature, leading to remote code execution on the server. The vulnerable feature is the message attachment functionality, which does not properly validate uploaded files. The affected API endpoint is the messaging system's file upload function. The vulnerable parameter is the file attachment, `file`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Maian Support Helpdesk version 4.3 **Description** The software contains a cross-site request forgery condition that permits attackers to create administrative accounts without needing to authenticate. Attackers can construct malicious HTML forms to add administrative users and upload PHP files. The file upload through the FAQ attachment system has no restrictions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netis E1+ version 1.2.32533 **Description** The Netis E1+ device version 1.2.32533 has a hardcoded root account that allows unauthenticated attackers to access the device using predefined credentials. Attackers can exploit the embedded root account with a crackable password to obtain full administrative access to the network device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Edimax EW-7438RPn Mini firmware versions 1.13 and prior Description: A remote authenticated attacker can exploit an OS command injection issue via the syscmd.asp form handler, specifically through the "sysCmd" parameter in the "/goform/formSysCmd" endpoint. This allows the execution of arbitrary shell commands as the root user. Recommendations: For Edimax EW-7438RPn Mini firmware versions 1.13 and prior, consider disabling access to the "/goform/formSysCmd" endpoint until a patch is available. Restrict the use of the `sysCmd` parameter in the syscmd.asp form handler to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Edimax EW-7438RPn versions 1.13 and prior Description: An OS command injection issue exists, allowing an authenticated attacker to inject shell commands and achieve arbitrary command execution as the root user. This is due to the improper handling of user-supplied input to the `command` parameter in the "/goform/mp" endpoint. Recommendations: For Edimax EW-7438RPn versions 1.13 and prior, as a temporary workaround, consider restricting access to the "/goform/mp" endpoint until a patch is available. Avoid using the `command` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.