CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

LuckyFrame is a free and open source testing platform. A security vulnerability exists in Luckyframe v3.5, which originates from a SQL injection vulnerability in the dataScope parameter in /system/UserMapper.xml...

9.8CVSS8.7AI score0.00566EPSS

Exploits1References2

Cvelist•added 2023/02/17 12:0 a.m.•11 views

CVE-2023-24220

LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml...

10AI score0.00566EPSS

Exploits1References1

Cvelist•added 2023/02/17 12:0 a.m.•13 views

CVE-2023-24219

LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml...

10AI score0.00566EPSS

Exploits1References1

CVE•added 2023/02/17 12:0 a.m.•40 views

CVE-2023-24221

Affected product: LuckyframeWEB v3.5. Vulnerability: SQL injection via the dataScope parameter in /system/DeptMapper.xml. Root cause: unsanitized input leading to query manipulation (as stated in CVE records). Impact: high confidentiality, integrity, and availability (CVSS 3.1 base score 9.8). Ex...

9.8CVSS9.7AI score0.00566EPSS

Exploits1References1Affected Software1

CVE•added 2023/02/17 12:0 a.m.•46 views

CVE-2023-24219

CVE-2023-24219 affects LuckyframeWEB v3.5. The vulnerability is a SQL injection in the dataScope parameter of /system/UserMapper.xml. The root cause, as described in the sources, is improper handling/use of user-supplied data in dataScope, leading to high-severity impact (CVE metrics show Confide...

9.8CVSS9.7AI score0.00566EPSS

Exploits1References1Affected Software1