PT-2023-32847 · Byzoro+1 · Byzoro S210+1

Stitch36

Publicado

2023-12-21

Atualizado

2024-05-17

CVE-2023-7039

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Byzoro S210 up to 20231210 Beijing Baichuo S210 up to 20231210

Description A critical issue has been discovered, affecting an unknown function of the file /importexport.php. The manipulation of the sql argument leads to injection. This issue can be exploited remotely.

Recommendations For Byzoro S210 up to 20231210, consider restricting access to the /importexport.php file until a patch is available. For Beijing Baichuo S210 up to 20231210, consider restricting access to the /importexport.php file until a patch is available. As a temporary workaround, avoid using the sql argument in the affected file until the issue is resolved.

Exploit

Correção

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74

Identificadores relacionados

CVE-2023-7039

Produtos afetados

Beijing Baichuo S210

Byzoro S210

PT-2023-32847 · Byzoro+1 · Byzoro S210+1

CVE-2023-7039

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7