CVE-2024-27602

Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of many modules interface documents have been leaked.For example, the /api/system/v2/api-docs module...

CVE-2024-27604

Alldata V0.4.6 is vulnerable to Command execution vulnerability. System commands can be deserialized...

CVE-2024-29435

An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter...

CVE-2024-29433

A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to execute arbitrary commands via supplying crafted data...

CVE-2024-29432

Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas...

PT-2024-22894 · Alldata · Alldata

Name of the Vulnerable Software and Affected Versions: Alldata version 0.4.6 Description: The issue in the system image upload interface allows attackers to execute a directory traversal when uploading a file. This enables them to access or modify files outside the intended directory, potentially...

CVE-2024-29433

A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to execute arbitrary commands via supplying crafted data...

PT-2024-22895 · Alldata · Alldata

Name of the Vulnerable Software and Affected Versions: Alldata version 0.4.6 Description: An issue in Alldata allows an attacker to run arbitrary commands via the processId parameter. Recommendations: For Alldata version 0.4.6, avoid using the processId parameter until a fix is available. As a...

PT-2024-22893 · Fastjson +1 · Fastjson +1

Name of the Vulnerable Software and Affected Versions: Alldata version 0.4.6 Description: A deserialization vulnerability in the FASTJSON component allows attackers to execute arbitrary commands via supplying crafted data. Recommendations: For Alldata version 0.4.6, at the moment, there is no...