CVE-2025-10711

A vulnerability has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This vulnerability affects unknown code of the file /index.php/sysmanage/Login. Such manipulation of the argument Name leads to cross site scripting. The attack may be performed from remote. The exploit has been...

CVE-2025-10711 07FLYCMS/07FLY-CMS/07FlyCRM Login cross site scripting

A vulnerability has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This vulnerability affects unknown code of the file /index.php/sysmanage/Login. Such manipulation of the argument Name leads to cross site scripting. The attack may be performed from remote. The exploit has been...

CVE-2025-10711 07FLYCMS/07FLY-CMS/07FlyCRM Login cross site scripting

A vulnerability has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This vulnerability affects unknown code of the file /index.php/sysmanage/Login. Such manipulation of the argument Name leads to cross site scripting. The attack may be performed from remote. The exploit has been...

CVE-2024-25520

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sysblogtemplatenew.aspx...

CVE-2024-25520

CVE-2024-25520 affects RuvarOA v6.01 and v12.01. A SQL injection exists via the id parameter to /SysManage/sys_blogtemplate_new.aspx, stemming from a lack of input validation. Attackers could execute arbitrary SQL commands, with potential exposure or manipulation of database data (per CNVD/Red Ha...

CVE-2024-25520

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sysblogtemplatenew.aspx...

CVE-2024-25514

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the templateid parameter at /SysManage/wftemplatechildfieldlist.aspx...

CVE-2024-25514

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the templateid parameter at /SysManage/wftemplatechildfieldlist.aspx...

CVE-2024-25514

RuvarOA versions 6.01 and 12.01 are affected by a SQL injection vulnerability in the template_id parameter of /SysManage/wf_template_child_field_list.aspx. The issue originates from lack of input validation in the affected endpoint. Documented impact includes potential data exposure or manipulati...

PT-2024-20976 · Ruvaroa · Ruvaroa

Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the template id parameter at the "/SysManage/wf template child field list.aspx" API endpoint...

CVE-2024-25514

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the templateid parameter at /SysManage/wftemplatechildfieldlist.aspx...

PT-2024-17643 · Beijing Baichuo · Smart S20 Management Platform

Name of the Vulnerable Software and Affected Versions: Beijing Baichuo Smart S20 Management Platform versions up to 20231120 Description: A critical vulnerability was found in the Smart S20 Management Platform, affecting an unknown part of the file /sysmanage/sysmanageajax.php. The manipulation o...

CVE-2023-6574

A vulnerability was found in Byzoro Smart S20 up to 20231120 and classified as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updateos.php of the component HTTP POST Request Handler. The manipulation of the argument 1fileupload leads to unrestricted upload...

CVE-2023-6274

A vulnerability was found in Byzoro Smart S80 up to 20231108. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation of the argument fileupload leads to unrestricted...

Byzro Networks Smart S80 Code Issue Vulnerability

Byzro Networks Smart S80 is an Internet behavior management product from Byzro Networks. A code issue vulnerability exists in Byzro Networks Smart S80 20231108 and prior versions, which stems from the parameter fileupload in the file /sysmanage/updatelib.php resulting in unrestricted uploads...

PT-2023-32587 · Beijing Baichuo +1 · Beijing Baichuo Smart S80 +1

Name of the Vulnerable Software and Affected Versions: Byzoro Smart S80 versions up to 20231108 Beijing Baichuo Smart S80 versions up to 20231108 Description: A critical issue affects an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation...

The vulnerability of the /sysmanage/edit_manageadmin.php component in the DAR-7000 router microprogramming system allows a attacker to execute arbitrary SQL code.

The vulnerability of the /sysmanage/editmanageadmin.php component in the DAR-7000 router microprogramming system is related to the lack of validation for the sequence of XML objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...

CVE-2023-5683

A vulnerability was found in Byzoro Smart S85F Management Platform up to 20231010 and classified as critical. This issue affects some unknown processing of the file /sysmanage/importconf.php. The manipulation of the argument btnfilerenew leads to os command injection. The attack may be initiated...

PT-2023-32259 · Byzoro · Byzoro Smart S85F Management Platform

Name of the Vulnerable Software and Affected Versions: Byzoro Smart S85F Management Platform versions up to 20231010 Description: A critical issue affects the processing of the file /sysmanage/importconf.php. The manipulation of the btn file renew argument leads to os command injection. The attac...

CVE-2023-5488

A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updatelib.php. The manipulation of the argument fileupload leads t...