Byzoro Smart S210 Management Platform up to 20240117 allows arbitrary file uploads via the file_upload parameter in the /Tool/uploadfile.php endpoint. This vulnerability can be exploited by an attacker to upload and execute malicious PHP files, leading to remote code execution.
View the template here CVE-2024-0939.yaml
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-0939