
Exploit for Smart S210 Management Platform < 20240117 - Arbitrary File Upload (CVE-2024-0939)

Description:

Byzoro Smart S210 Management Platform up to 20240117 allows arbitrary file uploads via the file_upload parameter in the /Tool/uploadfile.php endpoint. This vulnerability can be exploited by an attacker to upload and execute malicious PHP files, leading to remote code execution.

Affected Products:

Proof of Concept

PoC exploits

Nuclei Template

View the template here: CVE-2024-0939.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-0939.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-0939
https://vuldb.com/?ctiid.252184
https://vuldb.com/?id.252184
https://vuldb.com/?submit.269268