3 matches found
CVE-2021-34128
LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname...
CVE-2021-34128
LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname...
CVE-2021-34128
LaikeTui 3.5.0 is vulnerable to remote code execution via the upload functionality. Specifically, an authenticated user can trigger arbitrary PHP code execution by uploading a ZIP archive containing a .php file through index.php?module=system&action=pay. The underlying issue is the ZIP upload han...