Haolunsong

**Name of the Vulnerable Software and Affected Versions** D-Link DAR-7000 versions up to 20151231 **Description** The issue is related to the lack of validation of XML object sequences in the /sysmanage/edit manageadmin.php component of the D-Link DAR-7000 router's firmware. This can be exploited by a remote attacker to execute arbitrary SQL code. The manipulation of the `id` argument leads to SQL injection. The attack may be launched remotely. **Recommendations** As the product is end-of-life and no longer supported by the maintainer, it is recommended to retire and replace the D-Link DAR-7000 router to prevent exploitation of this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tongda OA 2017 versions prior to 11.10 **Description** A critical issue was found in Tongda OA 2017, affecting an unknown function of the file general/hr/manage/staff title evaluation/delete.php. The manipulation of the `EVALUATION ID` argument leads to SQL injection. This issue may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Tongda OA 2017 versions prior to 11.10, upgrade to version 11.10 to address this issue. As a temporary workaround, consider restricting access to the `delete.php` file in the `general/hr/manage/staff title evaluation` directory to minimize the risk of exploitation. Avoid using the `EVALUATION ID` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester File Tracker Manager System version 1.0 **Description** A vulnerability has been found in the SourceCodester File Tracker Manager System, affecting the file /file manager/admin/save user.php of the component POST Parameter Handler. The manipulation of the `firstname` argument leads to cross-site scripting. The attack can be initiated remotely. **Recommendations** For SourceCodester File Tracker Manager System version 1.0, consider restricting access to the `/file manager/admin/save user.php` endpoint until a patch is available. As a temporary workaround, avoid using the `firstname` argument in the affected POST Parameter Handler to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Internship Management System version 1.0 **Description** A critical issue affects the file admin/login.php of the component POST Parameter Handler. The manipulation of the `email` argument leads to sql injection. The attack can be launched remotely. **Recommendations** For SourceCodester Online Internship Management System version 1.0, consider restricting access to the `admin/login.php` file until a patch is available. As a temporary workaround, avoid using the `email` argument in the affected POST Parameter Handler to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.