PT-2023-27853 · Byzoro · Byzoro Smart S85F Management Platform

Rceraser · Published 2023-08-03 · Updated 2024-05-17 · CVE-2023-4120

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Byzoro Smart S85F Management Platform versions up to 20230722

Description: A critical issue affects the processing of the file importhtml.php, where the manipulation of the sql argument leads to command injection. The attack can be initiated remotely. The exploit has been disclosed publicly.

Recommendations: For versions up to 20230722, as a temporary workaround, consider restricting access to the importhtml.php file until a patch is available. Avoid using the sql argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
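
While access to importhtml.php is being restricted, web server logs can show who is still reaching it. The following is an added example, not part of the advisory or the vendor's code: it scans access-log lines for requests to that file and notes whether a sql parameter is visible in the query string. The combined log format, the EXAMPLE_DIR path, the sample lines and the function name are assumptions; the advisory does not state the file's location or the request method.

```python
import re
from posixpath import basename
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in combined log format (not real traffic).
# EXAMPLE_DIR and PLACEHOLDER are stand-ins, not values from the advisory.
SAMPLE_LOG = """\
198.51.100.7 - - [04/Aug/2023:10:12:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [04/Aug/2023:10:12:05 +0000] "GET /EXAMPLE_DIR/importhtml.php?sql=PLACEHOLDER HTTP/1.1" 200 87 "-" "curl/8.0"
203.0.113.9 - - [04/Aug/2023:10:12:09 +0000] "POST /EXAMPLE_DIR/importhtml%2Ephp HTTP/1.1" 200 87 "-" "curl/8.0"
192.0.2.44 - - [04/Aug/2023:10:13:00 +0000] "GET /docs/importhtml.php.txt HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def find_importhtml_requests(log_text):
    """Return one record per request whose path ends in importhtml.php."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        url = urlsplit(m["target"])
        # Decode percent-escapes so "importhtml%2Ephp" is not missed, and
        # compare case-insensitively in case the filesystem ignores case.
        if basename(unquote(url.path)).lower() != "importhtml.php":
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        hits.append({
            "ip": m["ip"],
            "time": m["ts"],
            "method": m["method"],
            "status": int(m["status"]),
            # Only the query string is logged; a POST body is not visible
            # here, so False means "not seen", not "not sent".
            "sql_in_query": "sql" in params,
        })
    return hits

if __name__ == "__main__":
    for hit in find_importhtml_requests(SAMPLE_LOG):
        print(hit)
```

Once the access restriction is in place, any remaining hit with a 200 status points to a path the restriction does not cover.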

Command Injection

Weakness Enumeration

Related Identifiers: CVE-2023-4120

Affected Products: Byzoro Smart S85F Management Platform