26 matches found
CVE-2022-37181
72crm 9.0 has an Arbitrary file upload vulnerability...
EUVD-2022-49414
Malicious code in bioql PyPI...
EUVD-2022-39834
Malicious code in bioql PyPI...
CVE-2022-46610
72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-37178
An issue was discovered in 72crm 9.0. There is a SQL Injection vulnerability in View the task calendar...
PT-2024-19646 · Wukongopensource +1 · Wukongopensource Wukongcrm +1
Name of the Vulnerable Software and Affected Versions: WuKongOpenSource WukongCRM version 72crm 9.0.1 20191202 Description: An issue in WuKongOpenSource WukongCRM allows a remote attacker to execute arbitrary code via the parseObject function in the fastjson component. Recommendations: For versio...
CVE-2022-46610
72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
Privilege escalation
72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-46610
72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-46610
CVE-2022-46610 affects 72crm v9. The issue is an arbitrary file upload via the avatar upload function, allowing execution of crafted PHP code. Underlying cause: improper handling of uploaded files in the avatar feature (no details on root cause beyond the description). Impact per sources: potenti...
72crm 代码问题漏洞
72crm is China's 72crm open source based on TP5.0 + ElementUI of a former CRMvueCRM system . 72crm v9 security vulnerabilities , the vulnerability stems from its avatar upload function allows the upload of arbitrary files resulting in an attacker can be carefully crafted PHP files to achieve...
CVE-2022-46610
72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
PT-2023-14965 · 72Crm · 72Crm
Name of the Vulnerable Software and Affected Versions: 72crm version 9 Description: The issue is related to an arbitrary file upload vulnerability via the avatar upload function, allowing attackers to execute arbitrary code by uploading a crafted PHP file. Recommendations: For 72crm version 9,...
CVE-2022-37178
An issue was discovered in 72crm 9.0. There is a SQL Injection vulnerability in View the task calendar...
CVE-2022-37181
72crm 9.0 has an Arbitrary file upload vulnerability...
CVE-2022-37178
An issue was discovered in 72crm 9.0. There is a SQL Injection vulnerability in View the task calendar...
CVE-2022-37181
72crm 9.0 has an Arbitrary file upload vulnerability...
CVE-2022-37181
72crm 9.0 has an Arbitrary file upload vulnerability...
Sql injection
An issue was discovered in 72crm 9.0. There is a SQL Injection vulnerability in View the task calendar...
CVE-2022-37178
72crm 9.0 contains a SQL Injection vulnerability in the View the task calendar functionality. The issue arises from the input handling in that calendar view, enabling unauthorized access to potentially sensitive data. Affected software: 72crm 9.0; vulnerable component: the task calendar view. Roo...