CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27733
https://notcve.org/view.php?id=CVE-2024-27733
07 Mar 2024 — File Upload vulnerability in Byzro Network Smart s42 Management Platform v.S42 allows a local attacker to execute arbitrary code via the useratte/userattestation.php component. Vulnerabilidad de carga de archivos en Byzro Network Smart s42 Management Platform v.S42 permite a un atacante local ejecutar código arbitrario a través del componente useratte/userattestation.php. • https://github.com/Sadw11v/cve/blob/main/upload.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27718
https://notcve.org/view.php?id=CVE-2024-27718
04 Mar 2024 — SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component. Vulnerabilidad de inyección SQL en Baizhuo Network Smart s200 Management Platform v.S200 permite a un atacante local obtener información confidencial y escalar privilegios a través del componente /importexport.php. • https://github.com/tldjgggg/cve/blob/main/sql.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •