Byzoro S210 HTTP POST Request repair.php sql injection
CVE-2023-6575

8.8HIGH

Key Information:

Vendor

Byzoro

Status
S210
Vendor
CVE Published:
7 December 2023

What is CVE-2023-6575?

A SQL Injection vulnerability has been identified in the Byzoro S210, specifically within the HTTP POST Request Handler's repair.php file. This flaw enables attackers to manipulate the 'txt' argument, potentially allowing remote adversaries to execute unauthorized SQL commands. This vulnerability is made public, raising concerns for security as it could be exploited without user interaction. The vendor has not provided a response regarding the disclosure despite early notification.

Affected Version(s)

S210 20231121

References

https://vuldb.com/?id.247155
vdb-entrytechnical-description
https://vuldb.com/?ctiid.247155
signaturepermissions-required
https://vuldb.com/?submit.241692
third-party-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

houdong (VulDB User)
.