CVE-2025-10711

A vulnerability has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This vulnerability affects unknown code of the file /index.php/sysmanage/Login. Such manipulation of the argument Name leads to cross site scripting. The attack may be performed from remote. The exploit has been...

CVE-2025-10711 07FLYCMS/07FLY-CMS/07FlyCRM Login cross site scripting

A vulnerability has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This vulnerability affects unknown code of the file /index.php/sysmanage/Login. Such manipulation of the argument Name leads to cross site scripting. The attack may be performed from remote. The exploit has been...

CVE-2025-10711 07FLYCMS/07FLY-CMS/07FlyCRM Login cross site scripting

A vulnerability has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This vulnerability affects unknown code of the file /index.php/sysmanage/Login. Such manipulation of the argument Name leads to cross site scripting. The attack may be performed from remote. The exploit has been...

CVE-2024-25520

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sysblogtemplatenew.aspx...

CVE-2024-25520

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sysblogtemplatenew.aspx...

CVE-2024-25520

CVE-2024-25520 affects RuvarOA v6.01 and v12.01. A SQL injection exists via the id parameter to /SysManage/sys_blogtemplate_new.aspx, stemming from a lack of input validation. Attackers could execute arbitrary SQL commands, with potential exposure or manipulation of database data (per CNVD/Red Ha...

CVE-2024-25514

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the templateid parameter at /SysManage/wftemplatechildfieldlist.aspx...

CVE-2024-25514

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the templateid parameter at /SysManage/wftemplatechildfieldlist.aspx...

PT-2024-20976 · Ruvaroa · Ruvaroa

Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the template id parameter at the "/SysManage/wf template child field list.aspx" API endpoint...

CVE-2024-25514

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the templateid parameter at /SysManage/wftemplatechildfieldlist.aspx...

CVE-2024-25514

RuvarOA versions 6.01 and 12.01 are affected by a SQL injection vulnerability in the template_id parameter of /SysManage/wf_template_child_field_list.aspx. The issue originates from lack of input validation in the affected endpoint. Documented impact includes potential data exposure or manipulati...

PT-2024-17643 · Beijing Baichuo · Smart S20 Management Platform

Name of the Vulnerable Software and Affected Versions: Beijing Baichuo Smart S20 Management Platform versions up to 20231120 Description: A critical vulnerability was found in the Smart S20 Management Platform, affecting an unknown part of the file /sysmanage/sysmanageajax.php. The manipulation o...

CVE-2023-6574

A vulnerability was found in Byzoro Smart S20 up to 20231120 and classified as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updateos.php of the component HTTP POST Request Handler. The manipulation of the argument 1fileupload leads to unrestricted upload...

CVE-2023-6274

A vulnerability was found in Byzoro Smart S80 up to 20231108. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation of the argument fileupload leads to unrestricted...

PT-2023-32587 · Beijing Baichuo +1 · Beijing Baichuo Smart S80 +1

Name of the Vulnerable Software and Affected Versions: Byzoro Smart S80 versions up to 20231108 Beijing Baichuo Smart S80 versions up to 20231108 Description: A critical issue affects an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation...

Byzro Networks Smart S80 Code Issue Vulnerability

Byzro Networks Smart S80 is an Internet behavior management product from Byzro Networks. A code issue vulnerability exists in Byzro Networks Smart S80 20231108 and prior versions, which stems from the parameter fileupload in the file /sysmanage/updatelib.php resulting in unrestricted uploads...

CVE-2023-5683

A vulnerability was found in Byzoro Smart S85F Management Platform up to 20231010 and classified as critical. This issue affects some unknown processing of the file /sysmanage/importconf.php. The manipulation of the argument btnfilerenew leads to os command injection. The attack may be initiated...

PT-2023-32259 · Byzoro · Byzoro Smart S85F Management Platform

Name of the Vulnerable Software and Affected Versions: Byzoro Smart S85F Management Platform versions up to 20231010 Description: A critical issue affects the processing of the file /sysmanage/importconf.php. The manipulation of the btn file renew argument leads to os command injection. The attac...

CVE-2023-5488

A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updatelib.php. The manipulation of the argument fileupload leads t...

Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform Code Issue Vulnerability

Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform is a Multi-Service Secure Gateway Intelligent Management Platform from Beijing Baichuo, China. Byzro Networks Smart S45F Multi-Service Secure Gateway Intelligent Management Platform 20230928 and earlier versio...