RSS   Vulnerabilities for 'Vaethink'   RSS

2021-08-03
 
CVE-2020-19301

CWE-863
 

 
A vulnerability in the vae_admin_rule database table of vaeThink v1.0.1 allows attackers to execute arbitrary code via a crafted payload in the condition parameter.

 
 
CVE-2020-19302

CWE-434
 

 
An arbitrary file upload vulnerability in the avatar upload function of vaeThink v1.0.1 allows attackers to open a webshell via changing uploaded file suffixes to ".php".

 


Copyright 2024, cxsecurity.com

 

Back to Top