.. / CVE-2024-27718

Exploit for Smart s200 Management Platform v.S200 - Unauthenticated SQL Injection (CVE-2024-27718)

Description:

SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component.

Affected Products:

Proof of Concept

PoC exploits

Nuclei Template

View the template here CVE-2024-27718.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-27718.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-27718
https://github.com/tldjgggg/cve/blob/main/sql.md