CVE-2023-7039

Опубликовано: 21 дек. 2023

Источник: nvd

CVSS3: 6.3

CVSS3: 9.8

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability classified as critical has been found in Byzoro S210 up to 20231210. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248688.

Ссылки

https://github.com/Stitch3612/cve/blob/main/rce.md
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.248688
Permissions Required
Third Party Advisory
https://vuldb.com/?id.248688
Permissions Required
Third Party Advisory
https://vuldb.com/?submit.250043
https://github.com/Stitch3612/cve/blob/main/rce.md
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.248688
Permissions Required
Third Party Advisory
https://vuldb.com/?id.248688
Permissions Required
Third Party Advisory
https://vuldb.com/?submit.250043

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:byzoro:smart_s210_firmware:*:*:*:*:*:*:*:*

Версия до 2023-12-10 (включая)

cpe:2.3:h:byzoro:smart_s210:-:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.0058

Низкий

6.3 Medium

CVSS3

9.8 Critical

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74

NVD-CWE-noinfo

Связанные уязвимости

GHSA-7674-425x-p4qw

CVSS3: 6.3

github

около 2 лет назад

A vulnerability classified as critical has been found in Beijing Baichuo S210 up to 20231210. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248688.

EPSS

Процентиль: 68%

0.0058

Низкий

6.3 Medium

CVSS3

9.8 Critical

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74

NVD-CWE-noinfo