CVE-2024-4019 | Byzoro Smart S80 Management Platform up to 20240411 /importhtml.php sql deserialization

Posted by Angelo Barbosa | Apr 19, 2024 | CVE

A vulnerability classified as critical has been found in Byzoro Smart S80 Management Platform up to 20240411. Affected is an unknown function of the file /importhtml.php. The manipulation of the argument sql leads to deserialization.

This vulnerability is traded as CVE-2024-4019. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4019 | Byzoro Smart S80 Management Platform up to 20240411 /importhtml.php sql deserialization

Related Posts

CVE-2024-20055 | MediaTek MT8871 Imgsys information disclosure (ALPS08518692)

CVE-2024-30230 | Acowebs PDF Invoices and Packing Slips for WooCommerce Plugin deserialization

CVE-2024-25101 | Maspik Spam Blacklist Plugin up to 0.10.6 on WordPress Setting cross site scripting

CVE-2024-7492 | MainWP Child Reports Plugin up to 2.2 on WordPress Options Update cross-site request forgery