57 matches found
ALLDATA security vulnerability
ALLDATA is an online resource for automotive OEM information from ALLDATA, Inc. It provides diagnostic and repair information for vehicle manufacturers. A security vulnerability exists in ALLDATA version V0.4.6, which stems from a security issue in the system's image upload interface that allows ...
ALLDATA security vulnerability
ALLDATA is an online resource for automotive OEM information from ALLDATA, Inc. It provides diagnostic and repair information for vehicle manufacturers. A security vulnerability exists in ALLDATA version V0.4.6 that stems from system commands that can be deserialized...
ALLDATA security vulnerability
ALLDATA is an online resource for automotive OEM information from ALLDATA, Inc. It provides diagnostic and repair information for vehicle manufacturers. A security vulnerability exists in ALLDATA version V0.4.6, which stems from the disclosure of interface documentation for multiple modules, e.g....
ALLDATA security vulnerability
ALLDATA is an online resource for automotive OEM information from ALLDATA, Inc. It provides diagnostic and repair information for vehicle manufacturers. A security vulnerability exists in ALLDATA version V0.4.6, which stems from insecure permissions, where information about users...
ALLDATA SQL injection vulnerability
ALLDATA is an online resource for automotive original equipment manufacturer information from ALLDATA, Inc. It provides diagnostic and repair information for vehicle manufacturers. A SQL injection vulnerability exists in ALLDATA version V0.4.6, which stems from the tablename parameter in...
CVE-2024-29432
Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas...
CVE-2024-27602
Alldata V0.4.6 is vulnerable to Incorrect Access Control, resulting in leakage of interface documents (e.g., /api/system/v2/api-docs). The CVE details from multiple sources describe an externally reachable risk with high impact to confidentiality and integrity, and a critical CVSS 3.1 score (9.1)...
CVE-2024-29432
Summary: CVE-2024-29432 affects Alldata v0.4.6 and is a SQL injection flaw exploitable via the tablename parameter in /data/masterdata/datas. The vulnerability details are supported by multiple connected sources, all citing the same description. Affected component: Alldata v0.4.6 (data/masterdata...
CVE-2024-27604
CVE-2024-27604 affects Alldata V0.4.6. Multiple sources (NVD, Red Hat, CVE list, CNNVD, etc.) describe a command-execution vulnerability where system commands can be deserialized. CVSS:3.1 base score 9.8 (CRITICAL) with network attack vector, no user interaction required, and full impact on confi...
CVE-2024-27605
CVE-2024-27605 affects Alldata v0.4.6 and describes an Insecure Permissions issue that allows non-authenticated or insufficiently privileged users (e.g., user/test) to query information about other users in the system. Root cause cited across connected sources is misconfigured permissions exposin...
CVE-2024-27604
Alldata V0.4.6 is vulnerable to command execution. System commands can be deserialized...
CVE-2024-27605
Alldata V0.4.6 is vulnerable to Insecure Permissions. Using the user test, information about the users in the system can be queried...
CVE-2024-27602
Alldata V0.4.6 is vulnerable to Incorrect Access Control. The interface documents of many modules have been leaked. For example, the /api/system/v2/api-docs module...
CVE-2024-29434
An issue in the system image upload interface of Alldata v0.4.6 allows attackers to execute a directory traversal when uploading a file...
PT-2024-22894 · Alldata · Alldata
Name of the Vulnerable Software and Affected Versions: Alldata version 0.4.6. Description: The issue in the system image upload interface allows attackers to execute a directory traversal when uploading a file. This enables them to access or modify files outside the intended directory, potentially...
PT-2024-21964 · Alldata · Alldata
Name of the Vulnerable Software and Affected Versions: Alldata version 0.4.6. Description: The issue allows users, such as test, to query information about the users in the system due to insecure permissions. Recommendations: For Alldata version 0.4.6, restrict access to sensitive user information...