CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4414 – Byzoro Smart S85F Management Platform decodmail.php command injection
https://notcve.org/view.php?id=CVE-2023-4414
A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230807. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to command injection. The attack can be launched remotely. • https://github.com/RCEraser/cve/blob/main/S85F.md https://vuldb.com/?ctiid.237517 https://vuldb.com/?id.237517 https://vuldb.com/?submit.191743 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2023-4121 – Byzoro Smart S85F Management Platform unrestricted upload
https://notcve.org/view.php?id=CVE-2023-4121
A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230722. It has been classified as critical. Affected is an unknown function. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. • https://github.com/torres14852/cve/blob/main/upload.md https://vuldb.com/?ctiid.235968 https://vuldb.com/?id.235968 https://vuldb.com/?submit.185755 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 1CVE-2023-4120 – Byzoro Smart S85F Management Platform importhtml.php command injection
https://notcve.org/view.php?id=CVE-2023-4120
A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230722 and classified as critical. This issue affects some unknown processing of the file importhtml.php. The manipulation of the argument sql leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/RCEraser/cve/blob/main/rce.md https://vuldb.com/?ctiid.235967 https://vuldb.com/?id.235967 https://vuldb.com/?submit.185751 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •