2005 matches found
CVE-2024-7743
A vulnerability was found in wanglongcn ltcms 1.0.20. It has been declared as critical. Affected by this vulnerability is the function downloadUrl of the file /api/file/downloadUrl of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. The attac...
CVE-2024-7742
A vulnerability was found in wanglongcn ltcms 1.0.20. It has been classified as critical. Affected is the function multiDownload of the file /api/file/multiDownload of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. It is possible to launch...
CVE-2024-7743
The CVE-2024-7743 issue affects wanglongcn ltcms 1.0.20, where the downloadUrl function at /api/file/downloadUrl is vulnerable to server-side request forgery via manipulation of the file argument. It can be exploited remotely and has been publicly disclosed; vendor contact attempts were unsuccess...
CVE-2024-7743 wanglongcn ltcms API Endpoint downloadUrl server-side request forgery
A vulnerability was found in wanglongcn ltcms 1.0.20. It has been declared as critical. Affected by this vulnerability is the function downloadUrl of the file /api/file/downloadUrl of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. The attac...
CVE-2024-7743 wanglongcn ltcms API Endpoint downloadUrl server-side request forgery
A vulnerability was found in wanglongcn ltcms 1.0.20. It has been declared as critical. Affected by this vulnerability is the function downloadUrl of the file /api/file/downloadUrl of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. The attac...
CVE-2024-7742
The CVE-2024-7742 vulnerability affects wanglongcn ltcms 1.0.20, specifically the multiDownload function in /api/file/multiDownload. The issue arises from manipulating the file argument, leading to server-side request forgery (SSRF). It is a remote exploit, and public exploits have been disclosed...
CVE-2024-7742 wanglongcn ltcms API Endpoint multiDownload server-side request forgery
A vulnerability was found in wanglongcn ltcms 1.0.20. It has been classified as critical. Affected is the function multiDownload of the file /api/file/multiDownload of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. It is possible to launch...
CVE-2024-7742 wanglongcn ltcms API Endpoint multiDownload server-side request forgery
A vulnerability was found in wanglongcn ltcms 1.0.20. It has been classified as critical. Affected is the function multiDownload of the file /api/file/multiDownload of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. It is possible to launch...
CVE-2024-7741
A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as critical. This issue affects the function downloadFile of the file /api/file/downloadfile of the component API Endpoint. The manipulation of the argument file leads to path traversal. The attack may be initiated remotely. The...
CVE-2024-7740
A vulnerability has been found in wanglongcn ltcms 1.0.20 and classified as critical. This vulnerability affects the function download of the file /api/test/download of the component API Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack can be initiat...
CVE-2024-7740
A vulnerability has been found in wanglongcn ltcms 1.0.20 and classified as critical. This vulnerability affects the function download of the file /api/test/download of the component API Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack can be initiat...
CVE-2024-7741
CVE-2024-7741 affects wanglongcn ltcms 1.0.20. The issue is in the API Endpoint function downloadFile (/api/file/downloadfile) where manipulation of the file parameter enables path traversal. The attack could be launched remotely and the exploit has been disclosed publicly. No public details in t...
CVE-2024-7741 wanglongcn ltcms API Endpoint downloadfile downloadFile path traversal
A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as critical. This issue affects the function downloadFile of the file /api/file/downloadfile of the component API Endpoint. The manipulation of the argument file leads to path traversal. The attack may be initiated remotely. The...
CVE-2024-7741 wanglongcn ltcms API Endpoint downloadfile downloadFile path traversal
A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as critical. This issue affects the function downloadFile of the file /api/file/downloadfile of the component API Endpoint. The manipulation of the argument file leads to path traversal. The attack may be initiated remotely. The...
CVE-2024-7740
CVE-2024-7740 — Wanglong LTcms 1.0.20 : A server-side request forgery (SSRF) vulnerability exists in the API Endpoint download function (/api/test/download) triggered by manipulating the url parameter. The issue is exploitable remotely, with public disclosures noted. Affected software: Wanglong L...
CVE-2024-7740 wanglongcn ltcms API Endpoint download server-side request forgery
A vulnerability has been found in wanglongcn ltcms 1.0.20 and classified as critical. This vulnerability affects the function download of the file /api/test/download of the component API Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack can be initiat...
CVE-2024-7740 wanglongcn ltcms API Endpoint download server-side request forgery
A vulnerability has been found in wanglongcn ltcms 1.0.20 and classified as critical. This vulnerability affects the function download of the file /api/test/download of the component API Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack can be initiat...
PT-2024-6173 · Sap · Sap Commerce Cloud
Name of the Vulnerable Software and Affected Versions: SAP Commerce Cloud affected versions not specified Description: The issue is related to errors in processing information in the OCC API Endpoint component of SAP Commerce Cloud. This could allow a remote attacker to gain unauthorized access t...
PT-2024-8613 · Tenda · Tenda Ac6
Name of the Vulnerable Software and Affected Versions: Tenda AC6 version 15.03.05.19 Description: A critical issue has been found in the formWriteFacMac function of the /goform/WriteFacMac API endpoint. The manipulation of the mac parameter leads to command injection. This issue can be exploited...
PT-2024-5562
SAP BusinessObjects Business Intelligence Platform versions 4.30 and 4.40 The issue involves a missing authentication check in the SAP BusinessObjects Business Intelligence Platform when Single Signed On is enabled on Enterprise authentication. An unauthorized user can obtain a logon token by...