
3632 matches found

CVE
added 2023/12/18 12:00 a.m. | 48 views

CVE-2023-6906

Summary: CVE-2023-6906 affects Totolink A7100RU. The issue resides in the HTTP POST Request Handler, specifically the function main in the file /cgi-bin/cstecgi.cgi?action=login, where the e8 parameter input is not properly validated, causing a buffer overflow. This condition can be triggered rem...

CVSS 10 | AI score 9.8 | EPSS 0.0185
Exploits 1 | References 3 | Affected Software 1

CNNVD
added 2023/12/18 12:00 a.m. | 3 views

Totolink A7100RU security vulnerability

The TOTOLINK A7100RU is a wireless router from China's Gion Electronics TOTOLINK. The Totolink A7100RU version 7.4cu.2313B20191024 suffers from a buffer overflow vulnerability, which originates from the failure of the e8 parameter in the component HTTP POST Request Handler to correctly validate t...

CVSS 10 | AI score 8.1 | EPSS 0.0185
Exploits 1 | References 4

OSV
added 2023/12/17 2:15 p.m. | 16 views

CVE-2023-6901

A vulnerability, which was classified as critical, was found in codelyfe Stupid Simple CMS up to 1.2.3. This affects an unknown part of the file /terminal/handle-command.php of the component HTTP POST Request Handler. The manipulation of the argument command with the input whoami leads to os...

CVSS 9.8 | AI score 7.5 | EPSS 0.02864
Exploits 1 | References 3

NVD
added 2023/12/17 2:15 p.m. | 26 views

CVE-2023-6901

A vulnerability, which was classified as critical, was found in codelyfe Stupid Simple CMS up to 1.2.3. This affects an unknown part of the file /terminal/handle-command.php of the component HTTP POST Request Handler. The manipulation of the argument command with the input whoami leads to os...

CVSS 9.8 | EPSS 0.02864
Exploits 1 | References 3

Prion
added 2023/12/17 2:15 p.m. | 16 views

Command injection

A vulnerability, which was classified as critical, was found in codelyfe Stupid Simple CMS up to 1.2.3. This affects an unknown part of the file /terminal/handle-command.php of the component HTTP POST Request Handler. The manipulation of the argument command with the input whoami leads to os...

CVSS 7.5 | AI score 7.8 | EPSS 0.02864
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2023/12/17 2:00 p.m. | 28 views

CVE-2023-6901 codelyfe Stupid Simple CMS HTTP POST Request handle-command.php os command injection

A vulnerability, which was classified as critical, was found in codelyfe Stupid Simple CMS up to 1.2.3. This affects an unknown part of the file /terminal/handle-command.php of the component HTTP POST Request Handler. The manipulation of the argument command with the input whoami leads to os...

CVSS 7.5 | AI score 10 | EPSS 0.02864
Exploits 1 | References 3

CVE
added 2023/12/17 2:00 p.m. | 34 views

CVE-2023-6901

CVE-2023-6901 affects codelyfe Stupid Simple CMS versions up to 1.2.3. The vulnerability lies in the HTTP POST Request Handler’s file /terminal/handle-command.php, where using the argument with input “whoami” enables an OS command injection. The issue is exploitable remotely and an exploit has be...

CVSS 9.8 | AI score 9 | EPSS 0.02864
Exploits 1 | References 3 | Affected Software 1

Positive Technologies
added 2023/12/17 12:00 a.m. | 3 views

PT-2023-32810 · Codelyfe · Codelyfe Stupid Simple Cms

Name of the Vulnerable Software and Affected Versions: codelyfe Stupid Simple CMS versions up to 1.2.3 Description: A critical issue was found in the HTTP POST Request Handler component, specifically affecting the file /terminal/handle-command.php. The manipulation of the command argument with th...

CVSS 9.8 | AI score 7.6 | EPSS 0.02864
Exploits 1 | References 6

Prion
added 2023/12/12 2:15 a.m. | 21 views

Design/Logic Flaw

SAP Fiori launchpad - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, UI700 200, SAPBASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application...

CVSS 4 | AI score 7.1 | EPSS 0.00479
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2023/12/12 1:35 a.m. | 21 views

CVE-2023-49584 Client-Side Desynchronization vulnerability in SAP Fiori Launchpad

SAP Fiori launchpad - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, UI700 200, SAPBASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application...

CVSS 4.3 | AI score 5 | EPSS 0.00479
Exploits 0 | References 2

NVD
added 2023/12/07 9:15 p.m. | 17 views

CVE-2023-6576

A vulnerability was found in Byzoro S210 up to 20231123. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php of the component HTTP POST Request Handler. The manipulation of the argument fileupload leads to unrestricted upload. The attack can ...

CVSS 8.8 | EPSS 0.01365
Exploits 0 | References 4

Cvelist
added 2023/12/07 8:31 p.m. | 18 views

CVE-2023-6576 Byzoro S210 HTTP POST Request uploadfile.php unrestricted upload

A vulnerability was found in Byzoro S210 up to 20231123. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php of the component HTTP POST Request Handler. The manipulation of the argument fileupload leads to unrestricted upload. The attack can ...

CVSS 6.5 | AI score 8.9 | EPSS 0.01365
Exploits 0 | References 4

CVE
added 2023/12/07 8:31 p.m. | 53 views

CVE-2023-6576

CVE-2023-6576 affects Byzoro S210 (up to 20231123) and also mentions Beijing Baichuo S210 in related records. The vulnerability is in the HTTP POST Request Handler’s /Tool/uploadfile.php, where manipulating the file_upload argument enables unrestricted file uploads. This allows remote exploitatio...

CVSS 8.8 | AI score 7.6 | EPSS 0.01365
Exploits 0 | References 4 | Affected Software 1

NVD
added 2023/12/07 8:15 p.m. | 18 views

CVE-2023-6575

A vulnerability was found in Byzoro S210 up to 20231121. It has been classified as critical. This affects an unknown part of the file /Tool/repair.php of the component HTTP POST Request Handler. The manipulation of the argument txt leads to sql injection. It is possible to initiate the attack...

CVSS 8.8 | EPSS 0.02838
Exploits 1 | References 4

NVD
added 2023/12/07 8:15 p.m. | 25 views

CVE-2023-6574

A vulnerability was found in Byzoro Smart S20 up to 20231120 and classified as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updateos.php of the component HTTP POST Request Handler. The manipulation of the argument 1fileupload leads to unrestricted upload...

CVSS 8.8 | EPSS 0.01576
Exploits 1 | References 4

Prion
added 2023/12/07 8:15 p.m. | 18 views

Sql injection

A vulnerability was found in Beijing Baichuo S210 up to 20231121. It has been classified as critical. This affects an unknown part of the file /Tool/repair.php of the component HTTP POST Request Handler. The manipulation of the argument txt leads to sql injection. It is possible to initiate the...

CVSS 6.5 | AI score 7.6 | EPSS 0.02838
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2023/12/07 8:00 p.m. | 26 views

CVE-2023-6575 Byzoro S210 HTTP POST Request repair.php sql injection

A vulnerability was found in Byzoro S210 up to 20231121. It has been classified as critical. This affects an unknown part of the file /Tool/repair.php of the component HTTP POST Request Handler. The manipulation of the argument txt leads to sql injection. It is possible to initiate the attack...

CVSS 6.5 | AI score 9.1 | EPSS 0.02838
Exploits 1 | References 4

CVE
added 2023/12/07 8:00 p.m. | 59 views

CVE-2023-6575

CVE-2023-6575 affects Beijing/Byzoro S210 up to 20231121. A SQL injection arises from manipulating the txt argument in the /Tool/repair.php HTTP POST handler, enabling remote exploitation. Public exploits/disclosures exist. Several connected sources corroborate the affected component and vulnerab...

CVSS 8.8 | AI score 7.8 | EPSS 0.02838
Exploits 1 | References 4 | Affected Software 1

Cvelist
added 2023/12/07 7:31 p.m. | 25 views

CVE-2023-6574 Byzoro Smart S20 HTTP POST Request updateos.php unrestricted upload

A vulnerability was found in Byzoro Smart S20 up to 20231120 and classified as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updateos.php of the component HTTP POST Request Handler. The manipulation of the argument 1fileupload leads to unrestricted upload...

CVSS 6.5 | AI score 8.8 | EPSS 0.01576
Exploits 1 | References 4

CVE
added 2023/12/07 7:31 p.m. | 55 views

CVE-2023-6574

CVE-2023-6574 affects Byzoro Smart S20 (up to 20231120) and Beijing Baichuo Smart S20. The flaw is in the HTTP POST Request Handler, specifically the 1_file_upload argument in /sysmanage/updateos.php, whose manipulation leads to unrestricted file upload. The vulnerability allows remote exploitati...

CVSS 8.8 | AI score 7.5 | EPSS 0.01576
Exploits 1 | References 4 | Affected Software 1