RSS   Vulnerabilities for 'Laiketui'   RSS

2022-06-23
 
CVE-2021-40954

CWE-434
 

 
Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker to execute arbitrary code.

 
 
CVE-2021-40955

CWE-89
 

 
SQL injection exists in LaiKetui v3.5.0 the background administrator list.

 
 
CVE-2021-40956

CWE-89
 

 
LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained.

 
2021-06-15
 
CVE-2021-34128

CWE-434
 

 
LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname.

 
 
CVE-2021-34129

CWE-22
 

 
LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top