First published: Fri Nov 24 2023(Updated: )
A vulnerability was found in Byzoro Smart S80 up to 20231108. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246103. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
<=2023-11-08 | ||
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for Beijing Baichuo Smart S80 PHP File updatelib.php unrestricted upload is CVE-2023-6274.
The severity of CVE-2023-6274 is critical, with a severity value of 9.8.
The component affected by the CVE-2023-6274 vulnerability is the file /sysmanage/updatelib.php of the component PHP File Handler in Beijing Baichuo Smart S80 up to 20231108.
The CVE-2023-6274 vulnerability can be exploited by manipulating the argument file_upload in /sysmanage/updatelib.php, leading to unrestricted upload of files.
Yes, Byzoro Smart S80 Firmware up to 2023-11-08 is affected by CVE-2023-6274.