19 matches found
CVE-2025-15108
A vulnerability was detected in PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5. This affects an unknown function of the file config.yml of the component JWT Secret Handler. The manipulation of the argument key results in use of hard-coded cryptographic key . The attack may be...
CVE-2025-15108
A vulnerability was detected in PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5. This affects an unknown function of the file config.yml of the component JWT Secret Handler. The manipulation of the argument key results in use of hard-coded cryptographic key . The attack may be...
CVE-2025-15108
A vulnerability was detected in PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5. This affects an unknown function of the file config.yml of the component JWT Secret Handler. The manipulation of the argument key results in use of hard-coded cryptographic key . The attack may be...
CVE-2025-15108 PandaXGO PandaX JWT Secret config.yml hard-coded key
A vulnerability was detected in PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5. This affects an unknown function of the file config.yml of the component JWT Secret Handler. The manipulation of the argument key results in use of hard-coded cryptographic key . The attack may be...
CVE-2025-15108
PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5 is affected in the JWT Secret Handler component. The issue stems from manipulating the key argument in config.yml, resulting in use of a hard-coded cryptographic key. The vulnerability can be exploited remotely and is described with h...
PandaX 安全漏洞
PandaX is a Go language open source low-code development framework for enterprise IoT platforms from PandaX Open Source. A security vulnerability exists in PandaX that stems from incorrect manipulation of the parameter key in the file config.yml, which could lead to the use of hard-coded keys...
CVE-2024-2565
A vulnerability was found in PandaXGO PandaX up to 20240310. It has been classified as critical. Affected is an unknown function of the file /apps/system/router/upload.go of the component File Extension Handler. The manipulation of the argument file leads to unrestricted upload. It is possible to...
CVE-2024-2565
CVE-2024-2565 affects PandaXGO PandaX up to 20240310. The File Extension Handler’s /apps/system/router/upload.go contains a vulnerability in an unknown function that allows manipulating the file argument to achieve unrestricted file uploads. It can be exploited remotely and the exploit has been d...
CVE-2024-2564
A vulnerability was found in PandaXGO PandaX up to 20240310 and classified as critical. This issue affects the function ExportUser of the file /apps/system/api/user.go. The manipulation of the argument filename leads to path traversal: '../filedir'. The attack may be initiated remotely. The explo...
CVE-2024-2564
CVE-2024-2564 affects PandaXGO PandaX up to 20240310 . The vulnerability is in the function ExportUser (file /apps/system/api/user.go ); manipulating the filename parameter enables a path traversal (e.g., '../filedir'), potentially allowing access to files outside the intended directory. Exploita...
CVE-2024-2562
A vulnerability, which was classified as critical, was found in PandaXGO PandaX up to 20240310. This affects the function InsertRole of the file /apps/system/services/rolemenu.go. The manipulation of the argument roleKey leads to sql injection. It is possible to initiate the attack remotely. The...
CVE-2024-2563
The CVE-2024-2563 entry concerns PandaXGO PandaX up to 20240310. A path traversal flaw exists in the DeleteImage function in /apps/system/router/upload.go, where an attacker can manipulate the fileName parameter (e.g., ../../../../../../../../../tmp/1.txt) to traverse to ../filedir. The issue is ...
CVE-2024-2563 PandaXGO PandaX upload.go DeleteImage path traversal
A vulnerability has been found in PandaXGO PandaX up to 20240310 and classified as critical. This vulnerability affects the function DeleteImage of the file /apps/system/router/upload.go. The manipulation of the argument fileName with the input ../../../../../../../../../tmp/1.txt leads to path...
CVE-2024-2562
CVE-2024-2562 affects PandaXGO PandaX up to 20240310, targeting the InsertRole function in /apps/system/services/role_menu.go. The vulnerability arises from improper handling of the roleKey parameter, enabling SQL injection. Exploitation is possible remotely, and multiple sources note public disc...
PandaX Code Issues Vulnerabilities
PandaX is a Go language open source low-code development framework for enterprise IoT platforms from PandaX Open Source. A code issue vulnerability exists in PandaX version 20240310 and prior versions, which stems from an incorrect manipulation of the parameter file can lead to unrestricted file...
PandaX Security Vulnerability
PandaX is a Go language open source low-code development framework for enterprise IoT platforms from PandaX Open Source. A security vulnerability exists in PandaX version 20240310 and earlier versions, which stems from an incorrect operation of the parameter fileName that can lead to path travers...
PT-2024-21065 · Unknown · Pandaxgo Pandax
Name of the Vulnerable Software and Affected Versions: PandaXGO PandaX up to 20240310 Description: A critical issue has been found in the File Extension Handler component, specifically in the /apps/system/router/upload.go file. The manipulation of the file argument leads to unrestricted upload...
PandaX Security Vulnerability
PandaX is a Go language open source low-code development framework for enterprise IoT platforms from PandaX Open Source. A security vulnerability exists in PandaX version 20240310 and earlier versions, which stems from the incorrect manipulation of the parameter filename can lead to path traversa...
PandaX SQL Injection Vulnerability
PandaX is PandaX open source a Go language open source low-code development framework for enterprise IoT platforms. An SQL injection vulnerability exists in PandaX version 20240310 and earlier versions, which stems from the fact that incorrect manipulation of the parameter roleKey can lead to sql...