9.8
CVE-2023-6274
- EPSS 2.86%
- Veröffentlicht 24.11.2023 14:15:08
- Zuletzt bearbeitet 21.11.2024 08:43:30
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
LoginByzoro Smart S80 PHP File updatelib.php unrestricted upload
A vulnerability was found in Byzoro Smart S80 up to 20231108. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246103. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Byzoro ≫ Smart S80 Firmware Version <= 2023-11-08
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.86% | 0.849 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| cna@vuldb.com | 6.3 | 2.8 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
| cna@vuldb.com | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://github.com/Carol7S/cve/blob/main/rce.md
https://vuldb.com/?ctiid.246103
https://vuldb.com/?id.246103
https://vuldb.com/?submit.234888