A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. This affects an unknown part of the file index.php?module=system&action=uploadImg. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to initiate the attack remotely. This...
9.8CVSS
9.3AI Score
0.001EPSS
A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. Affected by this issue is some unknown functionality of the file index.php?module=api&action=user&m=upload of the component POST Request Handler. The manipulation leads to unrestricted upload. The attack may.....
9.8CVSS
9.3AI Score
0.001EPSS
LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be...
7.5CVSS
7.9AI Score
0.002EPSS
Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker to execute arbitrary...
9.8CVSS
9.7AI Score
0.003EPSS
7.2CVSS
7.4AI Score
0.001EPSS
Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component...
8.8CVSS
8.7AI Score
0.002EPSS
LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl...
8.1CVSS
7.8AI Score
0.002EPSS
LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php...
8.8CVSS
8.7AI Score
0.003EPSS