CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-5489 – Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform uploadfile.php unrestricted upload
https://notcve.org/view.php?id=CVE-2023-5489
A vulnerability classified as critical has been found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This affects an unknown part of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/llixixi/cve/blob/main/s45_upload_%20uploadfile.md https://vuldb.com/?ctiid.241641 https://vuldb.com/?id.241641 https://vuldb.com/?submit.213946 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-5488 – Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform updatelib.php unrestricted upload
https://notcve.org/view.php?id=CVE-2023-5488
A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. • https://github.com/llixixi/cve/blob/main/s45_upload_%20updatelib.md https://vuldb.com/?ctiid.241640 https://vuldb.com/?id.241640 https://vuldb.com/?submit.213945 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-4873 – Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform importexport.php os command injection
https://notcve.org/view.php?id=CVE-2023-4873
A vulnerability, which was classified as critical, was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230906. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/cugerQDHJ/cve/blob/main/rce.md https://vuldb.com/?ctiid.239358 https://vuldb.com/?id.239358 https://vuldb.com/?submit.204279 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-4745 – Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform importexport.php sql injection
https://notcve.org/view.php?id=CVE-2023-4745
A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230822. It has been rated as critical. Affected by this issue is some unknown functionality of the file /importexport.php. The manipulation leads to sql injection. The attack may be launched remotely. • https://github.com/Jacky-Y/vuls/blob/main/vul6.md https://vuldb.com/?ctiid.238634 https://vuldb.com/?id.238634 https://vuldb.com/?submit.198222 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •