57 matches found
CVE-2024-27602
Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of many modules interface documents have been leaked.For example, the /api/system/v2/api-docs module...
CVE-2024-29434
The CVE-2024-29434 affects Alldata v0.4.6, where the system image upload interface is vulnerable to directory traversal during file upload. The issue is documented across multiple sources (NVD/Red Hat/PTSecurity/CNNVD/CVE list) with a high impact (C:H/I:H) and low attack complexity, requiring low...
PT-2024-22894 · Alldata · Alldata
Name of the Vulnerable Software and Affected Versions: Alldata version 0.4.6 Description: The issue in the system image upload interface allows attackers to execute a directory traversal when uploading a file. This enables them to access or modify files outside the intended directory, potentially...
ALLDATA SQL注入漏洞
ALLDATA is an online resource for automotive original equipment manufacturer information from ALLDATA, Inc. It provides diagnostic and repair information for vehicle manufacturers. A SQL injection vulnerability exists in ALLDATA version V0.4.6, which stems from the tablename parameter in...
CVE-2024-27604
Alldata V0.4.6 is vulnerable to Command execution vulnerability. System commands can be deserialized...
ALLDATA 安全漏洞
ALLDATA is an online resource for automotive OEM information from ALLDATA, Inc. It provides diagnostic and repair information for vehicle manufacturers. A security vulnerability exists in ALLDATA version V0.4.6, which stems from a security issue in the system's image upload interface that allows ...
ALLDATA 安全漏洞
ALLDATA is an online resource for automotive OEM information from ALLDATA, Inc. It provides diagnostic and repair information for vehicle manufacturers. A security vulnerability exists in ALLDATA version V0.4.6 that stems from system commands that can be deserialized...
ALLDATA 安全漏洞
ALLDATA is an online resource for automotive OEM information from ALLDATA, Inc. It provides diagnostic and repair information for vehicle manufacturers. A security vulnerability exists in ALLDATA version V0.4.6, which stems from the disclosure of interface documentation for multiple modules, e.g....
CVE-2024-27604
CVE-2024-27604 affects Alldata V0.4.6. Multiple sources (NVD, Red Hat, CVE list, CNNVD, etc.) describe a command-execution vulnerability where system commands can be deserialized. CVSS:3.1 base score 9.8 (CRITICAL) with network attack vector, no user interaction required, and full impact on confi...
PT-2024-21964 · Alldata · Alldata
Name of the Vulnerable Software and Affected Versions: Alldata version 0.4.6 Description: The issue allows users, such as test, to query information about the users in the system due to insecure permissions. Recommendations: For Alldata version 0.4.6, restrict access to sensitive user information...
CVE-2024-29434
An issue in the system image upload interface of Alldata v0.4.6 allows attackers to execute a directory traversal when uploading a file...
CVE-2024-29432
Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas...
CVE-2024-29434
An issue in the system image upload interface of Alldata v0.4.6 allows attackers to execute a directory traversal when uploading a file...
CVE-2024-27602
Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of many modules interface documents have been leaked.For example, the /api/system/v2/api-docs module...
ALLDATA 安全漏洞
ALLDATA is an online resource for automotive OEM information from ALLDATA, Inc. It provides diagnostic and repair information for vehicle manufacturers. A security vulnerability exists in ALLDATA version V0.4.6, which stems from vulnerability to unsecured privileges, where information about users...
PT-2024-21962 · Alldata · Alldata
Name of the Vulnerable Software and Affected Versions: Alldata version 0.4.6 Description: The issue is related to Incorrect Access Control, resulting in the leakage of many modules' interface documents. For example, the "/api/system/v2/api-docs" module is affected. Recommendations: For Alldata...
CVE-2024-27605
Alldata V0.4.6 is vulnerable to Insecure Permissions. Using users test can query information about the users in the system...
CVE-2024-29432
Summary: CVE-2024-29432 affects Alldata v0.4.6 and is a SQL injection flaw exploitable via the tablename parameter in /data/masterdata/datas. The vulnerability details are supported by multiple connected sources, all citing the same description. Affected component: Alldata v0.4.6 (data/masterdata...
CVE-2024-27602
Alldata V0.4.6 is vulnerable to Incorrect Access Control, resulting in leakage of interface documents (e.g., /api/system/v2/api-docs). The CVE details from multiple sources describe an externally reachable risk with high impact to confidentiality and integrity, and a critical CVSS 3.1 score (9.1)...
CVE-2024-27605
CVE-2024-27605 affects Alldata v0.4.6 and describes an Insecure Permissions issue that allows non-authenticated or insufficiently privileged users (e.g., user/test) to query information about other users in the system. Root cause cited across connected sources is misconfigured permissions exposin...