Wind-Liberty

**Name of the Vulnerable Software and Affected Versions** CodeAstro House Rental Management System version 1.0 **Description** A critical issue has been found in the CodeAstro House Rental Management System. The problem affects an unknown functionality of the file /ownersignup.php. Manipulation of the argument `f/e/p/m/o/n/c/s/ci/a` can lead to SQL injection. This issue can be exploited remotely. Although the initial advisory only mentions the parameter `m` as being affected, it is assumed that many other parameters are also vulnerable. The exploit for this issue has been made public. **Recommendations** For CodeAstro House Rental Management System version 1.0, as a temporary workaround, consider restricting access to the /ownersignup.php file until a patch is available. Additionally, avoid using the parameters `f`, `e`, `p`, `m`, `o`, `n`, `c`, `s`, `ci`, and `a` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro House Rental Management System version 1.0 **Description** A critical issue affects some unknown functionality of the file /signin.php. The manipulation of the argument `u/p` leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For CodeAstro House Rental Management System version 1.0, consider disabling access to the `/signin.php` file until a patch is available. As a temporary workaround, restrict the use of the `u/p` argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple Car Rental System version 1.0 **Description** A critical vulnerability was found in the Simple Car Rental System. This issue affects unknown code in the file /account.php. The manipulation of the `email/pass` argument leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Simple Car Rental System version 1.0, as a temporary workaround, consider restricting access to the `/account.php` file until a patch is available. Avoid using the `email/pass` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Ruijie RG-UAC version 1.0 Description: A critical vulnerability has been found in the file /view/vpn/autovpn/sub commit.php, where the manipulation of the `key` argument leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Recommendations: For Ruijie RG-UAC version 1.0, as a temporary workaround, consider restricting access to the /view/vpn/autovpn/sub commit.php file until a patch is available. Avoid using the `key` argument in this file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.