57 matches found
CVE-2024-29432
Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas...
CVE-2024-27602
Alldata V0.4.6 is vulnerable to Incorrect Access Control, resulting in leakage of interface documents (e.g., /api/system/v2/api-docs). The CVE details from multiple sources describe an externally reachable risk with high impact to confidentiality and integrity, and a critical CVSS 3.1 score (9.1)...
PT-2024-21962 · Alldata · Alldata
Name of the Vulnerable Software and Affected Versions: Alldata version 0.4.6 Description: The issue is related to Incorrect Access Control, resulting in the leakage of many modules' interface documents. For example, the "/api/system/v2/api-docs" module is affected. Recommendations: For Alldata...
CVE-2024-29435
An issue discovered in Alldata v0.4.6 allows an attacker to run arbitrary commands via the processId parameter...
CVE-2024-29435
An issue discovered in Alldata v0.4.6 allows an attacker to run arbitrary commands via the processId parameter...
CVE-2024-29433
A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to execute arbitrary commands via supplying crafted data...
CVE-2024-29433
A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to execute arbitrary commands via supplying crafted data...
CVE-2024-29435
An issue discovered in Alldata v0.4.6 allows an attacker to run arbitrary commands via the processId parameter...
PT-2024-22895 · Alldata · Alldata
Name of the Vulnerable Software and Affected Versions: Alldata version 0.4.6 Description: An issue in Alldata allows an attacker to run arbitrary commands via the processId parameter. Recommendations: For Alldata version 0.4.6, avoid using the processId parameter until a fix is available. As a...
CVE-2024-29435
Summary: CVE-2024-29435 affects Alldata v0.4.6, enabling an attacker to execute arbitrary commands via the processId parameter. Affected software: Alldata version 0.4.6. Impact: arbitrary command execution (described as high-risk functionality exposure in multiple sources); CVSS 3.1 base score...
CVE-2024-29433
A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to execute arbitrary commands via supplying crafted data...
ALLDATA security vulnerability
ALLDATA is an online resource for automotive OEM information from ALLDATA, Inc. It provides diagnostic and repair information for vehicle manufacturers. A security vulnerability exists in ALLDATA version v0.4.6, which stems from a deserialization vulnerability in the FASTJSON component that allow...
PT-2024-22893 · Fastjson +1 · Fastjson +1
Name of the Vulnerable Software and Affected Versions: Alldata version 0.4.6 Description: A deserialization vulnerability in the FASTJSON component allows attackers to execute arbitrary commands via supplying crafted data. Recommendations: For Alldata version 0.4.6, at the moment, there is no...
CVE-2024-29433
A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to execute arbitrary commands via supplying crafted data...
CVE-2024-29435
An issue discovered in Alldata v0.4.6 allows an attacker to run arbitrary commands via the processId parameter...
ALLDATA security vulnerability
ALLDATA is an online resource for automotive OEM information from ALLDATA, Inc. It provides diagnostic and repair information for vehicle manufacturers. A security vulnerability exists in ALLDATA version v0.4.6 that originated from allowing an attacker to run arbitrary commands via the processId...
alldata.com XSS vulnerability
Vulnerable URL: http://www.alldata.com/search/%22%3E%3Csvg%20onload=alert%22OPENBUGBOUNTY%22%3E

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 28.11.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 77723
VIP website status: | No...