Longwayhomie

**Name of the Vulnerable Software and Affected Versions** UNIT4 TETA Mobile Edition (ME) versions prior to 29.5.HF17 **Description** The issue is related to a SQL injection vulnerability. It can be exploited via the `ProfileName` parameter in the "errorReporting" page. **Recommendations** For versions prior to 29.5.HF17, update to version 29.5.HF17 or later to resolve the issue. As a temporary workaround, consider restricting access to the "errorReporting" page or avoiding the use of the `ProfileName` parameter until the update is applied.

**Name of the Vulnerable Software and Affected Versions** OpenDocMan version 1.4.4 **Description** An attacker can upload or transfer files of dangerous types to the OpenDocMan portal via the "add.php" endpoint using MIME-bypass. This may lead to arbitrary code execution or automatic processing within the product's environment. **Recommendations** For OpenDocMan version 1.4.4, consider restricting access to the "add.php" endpoint to minimize the risk of exploitation until a patch is available. As a temporary workaround, restrict the upload of files to only necessary and safe types to prevent potential arbitrary code execution.

**Name of the Vulnerable Software and Affected Versions** The Online Admission System version 1.0 **Description** The issue allows an unauthenticated attacker to upload or transfer files of dangerous types to the application through the "documents.php" endpoint, which may be used to execute malicious code or lead to code execution. **Recommendations** For The Online Admission System version 1.0, consider restricting access to the "documents.php" endpoint to prevent unauthenticated file uploads until a patch is available. As a temporary workaround, restrict the types of files that can be uploaded through this endpoint to minimize the risk of exploitation.