Lucene search

Laiketui Security Vulnerabilities

cve

CVE-2021-40956

LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be...

7.5CVSS

7.9AI Score

0.002EPSS

2022-06-23 05:15 PM

cve

CVE-2021-40954

Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker to execute arbitrary...

9.8CVSS

9.7AI Score

0.003EPSS

2022-06-23 05:15 PM

cve

CVE-2021-40955

SQL injection exists in LaiKetui v3.5.0 the background administrator...

7.2CVSS

7.4AI Score

0.001EPSS

2022-06-23 05:15 PM

cve

CVE-2020-19159

Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component...

8.8CVSS

8.7AI Score

0.002EPSS

2021-09-15 02:15 PM

cve

CVE-2021-34129

LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl...

8.1CVSS

7.8AI Score

0.002EPSS

2021-06-15 08:15 PM

cve

CVE-2021-34128

LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php...

8.8CVSS

8.7AI Score

0.003EPSS

2021-06-15 08:15 PM