CVE-2024-4019 | Byzoro Smart S80 Management Platform up to 20240411 /importhtml.php sql deserialization

Posted by Angelo Barbosa | Apr 19, 2024 | CVE

A vulnerability classified as critical has been found in Byzoro Smart S80 Management Platform up to 20240411. Affected is an unknown function of the file /importhtml.php. The manipulation of the argument sql leads to deserialization.

This vulnerability is traded as CVE-2024-4019. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4019 | Byzoro Smart S80 Management Platform up to 20240411 /importhtml.php sql deserialization

Related Posts

CVE-2024-10419 | code-projects Blood Bank Management System 1.0 /bloodrequest.php msg cross site scripting

CVE-2024-3690 | PHPGurukul Small CRM 3.0 Change Password sql injection

CVE-2023-47166 | Milesight UR32L 32.3.0.7-r2 luci2-io improper authorization (TALOS-2023-1852)

CVE-2024-34502 | MediaWiki up to 1.39.5/1.40.1/1.41.0 WikibaseLexeme Special:MergeLexemes access control