SQL Injection Vulnerability in Byzoro Smart S20 Management Platform
CVE-2024-1254
Key Information:
- Vendor
Byzoro
- Vendor
- CVE Published:
- 6 February 2024
Badges
What is CVE-2024-1254?
A significant vulnerability has been identified in the Byzoro Smart S20 Management Platform, affecting versions up to 20231120. This vulnerability arises from improper handling of the 'id' parameter within the file /sysmanage/sysmanageajax.php, enabling attackers to perform SQL injection attacks. This exploit can be executed remotely, allowing unauthorized access to sensitive data or manipulation of the database. The nature of the vulnerability has been publicly disclosed, leading to an increased risk for users of the affected platform. It is crucial for organizations utilizing this management tool to assess their systems and implement appropriate security measures promptly.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Smart S20 Management Platform 20231120
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved