A vulnerability classified as critical has been found in Byzoro S210 up to 20231210. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248688.
References
Link | Resource |
---|---|
https://github.com/Stitch3612/cve/blob/main/rce.md | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.248688 | Permissions Required Third Party Advisory |
https://vuldb.com/?id.248688 | Permissions Required Third Party Advisory |
https://vuldb.com/?submit.250043 |
Configurations
Configuration 1 (hide)
AND |
|
History
09 Apr 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | (en) A vulnerability classified as critical has been found in Byzoro S210 up to 20231210. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248688. |
03 Jan 2024, 15:03
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/Stitch3612/cve/blob/main/rce.md - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.248688 - Permissions Required, Third Party Advisory | |
References | () https://vuldb.com/?id.248688 - Permissions Required, Third Party Advisory | |
First Time |
Byzoro smart S210
Byzoro smart S210 Firmware Byzoro |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:h:byzoro:smart_s210:-:*:*:*:*:*:*:* cpe:2.3:o:byzoro:smart_s210_firmware:*:*:*:*:*:*:*:* |
|
CWE | NVD-CWE-noinfo |
21 Dec 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-21 19:15
Updated : 2024-05-17 02:34
NVD link : CVE-2023-7039
Mitre link : CVE-2023-7039
CVE.ORG link : CVE-2023-7039
JSON object : View
Products Affected
byzoro
- smart_s210
- smart_s210_firmware
CWE
NVD-CWE-noinfo
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')