69 matches found
CVE-2024-2825
A vulnerability classified as critical has been found in lakernote EasyAdmin up to 20240315. This affects an unknown part of the file /ureport/designer/saveReportFile. The manipulation of the argument file leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The...
CVE-2024-2827 lakernote EasyAdmin saveReportFile server-side request forgery
A vulnerability, which was classified as critical, has been found in lakernote EasyAdmin up to 20240315. This issue affects some unknown processing of the file /ureport/designer/saveReportFile. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploi...
CVE-2024-2827
CVE-2024-2827 affects lakernote EasyAdmin (up to 20240315). The vulnerability is a server-side request forgery targeting the file path "/ureport/designer/saveReportFile", enabling a remote attacker to trigger SSRF. Public disclosure and multiple sources confirm exploitation potential; CVSS metric...
CVE-2024-2826 lakernote EasyAdmin saveReportFile xml external entity reference
A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been...
CVE-2024-2826
CVE-2024-2826 affects lakernote EasyAdmin up to 20240315. Affected component: /ureport/designer/saveReportFile. Root cause: XML External Entity (XXE) reference leading to potential remote exploitation. Impact: stated as high for confidentiality, integrity, and availability per NVD CVSS details. E...
CVE-2024-2825 lakernote EasyAdmin saveReportFile path traversal
A vulnerability classified as critical has been found in lakernote EasyAdmin up to 20240315. This affects an unknown part of the file /ureport/designer/saveReportFile. The manipulation of the argument file leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The...
CVE-2024-2825
CVE-2024-2825 (lakernote EasyAdmin): A critical path-traversal vulnerability affects an unknown part of the file /ureport/designer/saveReportFile. Manipulating the file argument enables path traversal (e.g., ../filedir) and can be exploited remotely. Multiple sources confirm the issue for lakern...
PT-2024-22378 · Unknown · Lakernote Easyadmin
Name of the Vulnerable Software and Affected Versions: lakernote EasyAdmin versions up to 20240315 Description: A critical issue was found in the function thumbnail of the file src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The manipulation of the argument url leads to...
Easyadmin code issue vulnerability
Easyadmin is a simple, lightweight backend management system scaffold by the individual developer laker. A code issue vulnerability exists in EasyAdmin version 20240315 and prior versions, which stems from an incorrect manipulation of the parameter url that can lead to server-side request forgery...
EasyAdmin security vulnerability
Easyadmin is a simple, lightweight backend management system scaffold by the individual developer laker. A security vulnerability exists in EasyAdmin version 20240315 and earlier versions, which stems from path traversal due to incorrect manipulation of the parameter file...
Easyadmin code issue vulnerability
Easyadmin is a simple, lightweight backend management system scaffold by the individual developer laker. A code issue vulnerability exists in EasyAdmin version 20240315 and prior versions. An attacker can exploit the vulnerability to cause XML external entity references...
PT-2024-22365 · Unknown · Lakernote Easyadmin
Name of the Vulnerable Software and Affected Versions: lakernote EasyAdmin up to 20240315 Description: A critical vulnerability has been found in lakernote EasyAdmin. This affects an unknown part of the file /ureport/designer/saveReportFile. The manipulation of the file argument leads to path...
Easyadmin code issue vulnerability
Easyadmin is a simple, lightweight backend management system scaffold by the individual developer laker. A code issue vulnerability exists in EasyAdmin version 20240315 and prior versions. An attacker could exploit this vulnerability to perform a server-side request forgery attack...
PT-2024-22369 · Unknown · Lakernote Easyadmin
Name of the Vulnerable Software and Affected Versions: lakernote EasyAdmin up to 20240315 Description: A vulnerability was found in lakernote EasyAdmin, affecting unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be...
PT-2024-22372 · Unknown · Lakernote Easyadmin
Name of the Vulnerable Software and Affected Versions: lakernote EasyAdmin up to 20240315 Description: A critical issue has been found in lakernote EasyAdmin, affecting some unknown processing of the file "/ureport/designer/saveReportFile". The manipulation leads to server-side request forgery. T...
Cross-site Scripting (XSS) - Stored in zhongshaofa/easyadmin
Description Stored XSS in FileName allows for arbitrary execution of JavaScript Proof of Concept At Upload Management Upload File Image with filename : Sun'set.jpg Image Upload File https://user-images.githubusercontent.com/31820707/133646077-b6a14692-fea3-4a37-95e7-eb4c4e6f9073.png Image XSS...
CVE-2020-25917
Stratodesk NoTouch Center before 4.4.68 is affected by: Incorrect Access Control. A low privileged user on the platform, for example a user with "helpdesk" privileges, can perform privileged operations including adding a new administrator to the platform via the easyadmin/user/submitCreateTCUser....