CVE-2024-2825

A vulnerability classified as critical has been found in lakernote EasyAdmin up to 20240315. This affects an unknown part of the file /ureport/designer/saveReportFile. The manipulation of the argument file leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The...

CVE-2024-2827

CVE-2024-2827 affects lakernote EasyAdmin (up to 20240315). The vulnerability is a server-side request forgery targeting the file path "/ureport/designer/saveReportFile", enabling a remote attacker to trigger SSRF. Public disclosure and multiple sources confirm exploitation potential; CVSS metric...

CVE-2024-2826 lakernote EasyAdmin saveReportFile xml external entity reference

A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been...

Easyadmin 代码问题漏洞

Easyadmin is a simple, lightweight backend management system scaffolding by laker personal developer. A code issue vulnerability exists in EasyAdmin version 20240315 and prior versions. An attacker exploited the vulnerability to cause xml external entity references...

PT-2024-22369 · Unknown · Lakernote Easyadmin

Name of the Vulnerable Software and Affected Versions: lakernote EasyAdmin up to 20240315 Description: A vulnerability was found in lakernote EasyAdmin, affecting unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be...

EasyAdmin 安全漏洞

Easyadmin is a simple, lightweight backend management system scaffolding by laker individual developers. A security vulnerability exists in EasyAdmin version 20240315 and earlier versions, which stems from path traversal due to incorrect manipulation of the parameter file...

Easyadmin 代码问题漏洞

Easyadmin is a simple, lightweight backend management system scaffolding by laker personal developer. A code issue vulnerability exists in EasyAdmin version 20240315 and prior versions. An attacker could exploit this vulnerability to perform a server-side request forgery attack...

PT-2024-22372 · Unknown · Lakernote Easyadmin

Name of the Vulnerable Software and Affected Versions: lakernote EasyAdmin up to 20240315 Description: A critical issue has been found in lakernote EasyAdmin, affecting some unknown processing of the file "/ureport/designer/saveReportFile". The manipulation leads to server-side request forgery. T...

Easyadmin 代码问题漏洞

Easyadmin is a simple, lightweight backend management system scaffolding by laker individual developers. A code issue vulnerability exists in EasyAdmin version 20240315 and prior versions, which stems from an incorrect manipulation of the parameter url that can lead to server-side request forgery...