57 matches found
CVE-2024-29434
The CVE-2024-29434 affects Alldata v0.4.6, where the system image upload interface is vulnerable to directory traversal during file upload. The issue is documented across multiple sources (NVD/Red Hat/PTSecurity/CNNVD/CVE list) with a high impact (C:H/I:H) and low attack complexity, requiring low...
CVE-2024-27605
Alldata V0.4.6 is vulnerable to Insecure Permissions. Using users test can query information about the users in the system...
CVE-2024-27605
Alldata V0.4.6 is vulnerable to Insecure Permissions. Using users test can query information about the users in the system...
PT-2024-22894 · Alldata · Alldata
Name of the Vulnerable Software and Affected Versions: Alldata version 0.4.6 Description: The issue in the system image upload interface allows attackers to execute a directory traversal when uploading a file. This enables them to access or modify files outside the intended directory, potentially...
CVE-2024-27604
Alldata V0.4.6 is vulnerable to Command execution vulnerability. System commands can be deserialized...
CVE-2024-27602
Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of many modules interface documents have been leaked.For example, the /api/system/v2/api-docs module...
ALLDATA 安全漏洞
ALLDATA is an online resource for automotive OEM information from ALLDATA, Inc. It provides diagnostic and repair information for vehicle manufacturers. A security vulnerability exists in ALLDATA version V0.4.6 that stems from system commands that can be deserialized...
ALLDATA 安全漏洞
ALLDATA is an online resource for automotive OEM information from ALLDATA, Inc. It provides diagnostic and repair information for vehicle manufacturers. A security vulnerability exists in ALLDATA version V0.4.6, which stems from vulnerability to unsecured privileges, where information about users...
ALLDATA 安全漏洞
ALLDATA is an online resource for automotive OEM information from ALLDATA, Inc. It provides diagnostic and repair information for vehicle manufacturers. A security vulnerability exists in ALLDATA version V0.4.6, which stems from the disclosure of interface documentation for multiple modules, e.g....
PT-2024-21964 · Alldata · Alldata
Name of the Vulnerable Software and Affected Versions: Alldata version 0.4.6 Description: The issue allows users, such as test, to query information about the users in the system due to insecure permissions. Recommendations: For Alldata version 0.4.6, restrict access to sensitive user information...
ALLDATA 安全漏洞
ALLDATA is an online resource for automotive OEM information from ALLDATA, Inc. It provides diagnostic and repair information for vehicle manufacturers. A security vulnerability exists in ALLDATA version V0.4.6, which stems from a security issue in the system's image upload interface that allows ...
ALLDATA SQL注入漏洞
ALLDATA is an online resource for automotive original equipment manufacturer information from ALLDATA, Inc. It provides diagnostic and repair information for vehicle manufacturers. A SQL injection vulnerability exists in ALLDATA version V0.4.6, which stems from the tablename parameter in...
CVE-2024-27602
Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of many modules interface documents have been leaked.For example, the /api/system/v2/api-docs module...
CVE-2024-29432
Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas...
CVE-2024-27604
Alldata V0.4.6 is vulnerable to Command execution vulnerability. System commands can be deserialized...
CVE-2024-29434
An issue in the system image upload interface of Alldata v0.4.6 allows attackers to execute a directory traversal when uploading a file...
CVE-2024-29432
Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas...
CVE-2024-29434
An issue in the system image upload interface of Alldata v0.4.6 allows attackers to execute a directory traversal when uploading a file...
CVE-2024-27604
CVE-2024-27604 affects Alldata V0.4.6. Multiple sources (NVD, Red Hat, CVE list, CNNVD, etc.) describe a command-execution vulnerability where system commands can be deserialized. CVSS:3.1 base score 9.8 (CRITICAL) with network attack vector, no user interaction required, and full impact on confi...
CVE-2024-27605
CVE-2024-27605 affects Alldata v0.4.6 and describes an Insecure Permissions issue that allows non-authenticated or insufficiently privileged users (e.g., user/test) to query information about other users in the system. Root cause cited across connected sources is misconfigured permissions exposin...