LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be...
7.5CVSS
7.9AI Score
0.002EPSS
Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker to execute arbitrary...
9.8CVSS
9.7AI Score
0.003EPSS
7.2CVSS
7.4AI Score
0.001EPSS
Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component...
8.8CVSS
8.7AI Score
0.002EPSS
LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl...
8.1CVSS
7.8AI Score
0.002EPSS
LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php...
8.8CVSS
8.7AI Score
0.003EPSS