CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2024-1254 – Byzoro Smart S20 Management Platform sysmanageajax.php sql injection
https://notcve.org/view.php?id=CVE-2024-1254
A vulnerability, which was classified as critical, was found in Byzoro Smart S20 Management Platform up to 20231120. This affects an unknown part of the file /sysmanage/sysmanageajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/rockersiyuan/CVE/blob/main/Smart%20S20.md https://vuldb.com/?ctiid.252993 https://vuldb.com/?id.252993 https://vuldb.com/?submit.274042 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2024-1253 – Byzoro Smart S40 Management Platform Import web.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-1253
A vulnerability, which was classified as critical, has been found in Byzoro Smart S40 Management Platform up to 20240126. Affected by this issue is some unknown functionality of the file /useratte/web.php of the component Import Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/b51s77/cve/blob/main/upload.md https://vuldb.com/?ctiid.252992 https://vuldb.com/?id.252992 https://vuldb.com/?submit.273438 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 1CVE-2024-0939 – Byzoro Smart S210 Management Platform uploadfile.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-0939
A vulnerability has been found in Byzoro Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Yu1e/vuls/blob/main/an%20arbitrary%20file%20upload%20vulnerability%20in%20BaiZhuo%20Networks%20Smart%20S210%20multi-service%20security%20gateway%20intelligent%20management%20platform.md https://vuldb.com/?ctiid.252184 https://vuldb.com/?id.252184 https://vuldb.com/?submit.269268 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0716 – Byzoro Smart S150 Management Platform Backup File download.php information disclosure
https://notcve.org/view.php?id=CVE-2024-0716
A vulnerability classified as problematic has been found in Byzoro Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The complexity of an attack is rather high. • https://github.com/GTA12138/vul/blob/main/smart%20s150/s150%20Download%20any%20file/smart%20s150%20download%20any%20file.md https://vuldb.com/?ctiid.251541 https://vuldb.com/?id.251541 https://vuldb.com/?submit.265177 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0712 – Byzoro Smart S150 Management Platform userattea.php access control
https://notcve.org/view.php?id=CVE-2024-0712
A vulnerability was found in Byzoro Smart S150 Management Platform V31R02B15. It has been classified as critical. Affected is an unknown function of the file /useratte/inc/userattea.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. • https://github.com/GTA12138/vul/blob/main/smart%20s150/2024-1-9%20smart%20s150%20101508.md https://vuldb.com/?ctiid.251538 https://vuldb.com/?id.251538 https://vuldb.com/?submit.264497 • CWE-284: Improper Access Control •