9 matches found
Smart s200 Management Platform v.S200 - SQL Injection
SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component. id: CVE-2024-27718 info: name: Smart s200 Management Platform v.S200 - SQL Injection author:...
CVE-2024-27718
SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component...
CVE-2024-4904
A vulnerability was found in Byzoro Smart S200 Management Platform up to 20240507. It has been rated as critical. This issue affects some unknown processing of the file /useratte/userattestation.php. The manipulation of the argument webimg leads to unrestricted upload. The attack may be initiated...
CVE-2024-4904 Byzoro Smart S200 Management Platform userattestation.php unrestricted upload
A vulnerability was found in Byzoro Smart S200 Management Platform up to 20240507. It has been rated as critical. This issue affects some unknown processing of the file /useratte/userattestation.php. The manipulation of the argument webimg leads to unrestricted upload. The attack may be initiated...
CVE-2024-4904 Byzoro Smart S200 Management Platform userattestation.php unrestricted upload
A vulnerability was found in Byzoro Smart S200 Management Platform up to 20240507. It has been rated as critical. This issue affects some unknown processing of the file /useratte/userattestation.php. The manipulation of the argument webimg leads to unrestricted upload. The attack may be initiated...
CVE-2024-4904
The CVE-2024-4904 entry concerns Byzoro Smart S200 Management Platform (up to 20240507). The issue is triggered by improper handling of the web_img argument in the file path /useratte/userattestation.php, enabling unrestricted file upload. This could potentially allow remote attackers to upload a...
CVE-2024-27718
The connected Nuclei template confirms a SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200, exploitable via the /importexport.php component. The root cause is an SQL injection in that endpoint, allowing a local attacker to obtain sensitive information and escala...
PT-2024-22009 · Baizhuo Network · Baizhuo Network Smart S200 Management Platform
Name of the Vulnerable Software and Affected Versions: Baizhuo Network Smart s200 Management Platform version S200 Description: The issue allows a local attacker to obtain sensitive information and escalate privileges. This is achieved via the "/importexport.php" component, which is vulnerable to...
CVE-2024-27718
SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component...