
148 matches found

CNNVD
added 2025/08/20 12:0 a.m. · 5 views

ELADMIN security vulnerability

ELADMIN is a backend management system for elunez personal developers. A security vulnerability exists in ELADMIN 2.7 and earlier versions, which stems from the exportUser function not escaping and filtering exported CSV content, which allows remote attackers to inject malicious CSV payloads...

CVSS 7.5 · AI score 6.8 · EPSS 0.00287
Exploits: 1 · References: 5

Positive Technologies
added 2025/08/20 12:0 a.m. · 7 views

PT-2025-34145 · Elunez · Eladmin

Name of the Vulnerable Software and Affected Versions: elunez eladmin versions prior to 2.8 Description: A security flaw has been discovered in elunez eladmin up to version 2.7. This issue affects an unknown functionality of the file /auth/info. Manipulation of this functionality results in...

CVSS 5.3 · AI score 4.4 · EPSS 0.00298
Exploits: 1 · References: 9

RedhatCVE
added 2025/08/06 11:25 p.m. · 7 views

CVE-2025-8530

A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file eladmin-system\src\main\resources\config\application-prod.yml of the component Druid. The manipulation of the argument...

CVSS 7.5 · AI score 5.2 · EPSS 0.00447
Exploits: 1 · References: 1

OSV
added 2025/08/04 11:15 p.m. · 5 views

CVE-2025-8530

A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file eladmin-system\src\main\resources\config\application-prod.yml of the component Druid. The manipulation of the argument...

CVSS 7.5 · AI score 6.8
Exploits: 0 · References: 5

NVD
added 2025/08/04 11:15 p.m. · 6 views

CVE-2025-8530

A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file eladmin-system\src\main\resources\config\application-prod.yml of the component Druid. The manipulation of the argument...

CVSS 7.5 · EPSS 0.00447
Exploits: 1 · References: 5

CVE
added 2025/08/04 11:2 p.m. · 19 views

CVE-2025-8530

CVE-2025-8530 affects elunez eladmin up to 2.7, with the Druid component’s configuration file eladmin-system/src/main/resources/config/application-prod.yml where manipulation of login-username/login-password can cause default credentials to be used. This vulnerability can be exploited remotely, a...

CVSS 7.5 · AI score 5.3 · EPSS 0.00447
Exploits: 1 · References: 5 · Affected Software: 1

CNNVD
added 2025/08/04 12:0 a.m. · 3 views

ELADMIN security vulnerability

ELADMIN is a backend management system for elunez individual developers. A security vulnerability exists in ELADMIN 2.7 and earlier versions, which stems from the use of default credentials that allow an attacker to remotely log in directly and disclose sensitive information...

CVSS 7.5 · AI score 5.3 · EPSS 0.00447
Exploits: 1 · References: 6

Positive Technologies
added 2025/08/04 12:0 a.m. · 7 views

PT-2025-31877 · Elunez · Elunez Eladmin

Name of the Vulnerable Software and Affected Versions: elunez eladmin versions up to 2.7 Description: A problematic issue has been identified in elunez eladmin. The vulnerability involves the use of default credentials due to the manipulation of the login-username and login-password arguments...

CVSS 6.9 · AI score 5.2 · EPSS 0.00447
Exploits: 1 · References: 9

RedhatCVE
added 2025/05/23 10:22 a.m. · 12 views

CVE-2024-7458

A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. This issue affects some unknown processing of the file /api/deploy/upload /api/database/upload of the component Database Management/Deployment Management. The manipulation of the argument file leads to path traversa...

CVSS 9.8 · AI score 6.9 · EPSS 0.00839
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 6:19 a.m. · 13 views

CVE-2024-51243

eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control all application deployment servers of this management system via DeployController.java...

CVSS 7.2 · AI score 7.9 · EPSS 0.00928
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 6:19 a.m. · 7 views

CVE-2024-51242

A Server-Side Request Forgery (SSRF) vulnerability has been identified in eladmin 2.7 and earlier in ServerDeployController.java. The manipulation of the HTTP Body ip parameter leads to SSRF...

CVSS 6.5 · AI score 7 · EPSS 0.0042
Exploits: 1 · References: 1

RedhatCVE
added 2025/04/06 3:32 p.m. · 26 views

CVE-2025-3250

A vulnerability, which was classified as problematic, has been found in elunez eladmin 2.7. Affected by this issue is some unknown functionality of the file /api/database/testConnect of the component Maintenance Management Module. The manipulation leads to deserialization. The attack may be...

CVSS 6.5 · AI score 6.9 · EPSS 0.00396
Exploits: 0 · References: 1

NVD
added 2025/04/04 3:15 p.m. · 9 views

CVE-2025-3250

A vulnerability, which was classified as problematic, has been found in elunez eladmin 2.7. Affected by this issue is some unknown functionality of the file /api/database/testConnect of the component Maintenance Management Module. The manipulation leads to deserialization. The attack may be...

CVSS 6.5 · EPSS 0.00396
Exploits: 0 · References: 4

Vulnrichment
added 2025/04/04 3:0 p.m. · 17 views

CVE-2025-3250 elunez eladmin Maintenance Management Module testConnect deserialization

A vulnerability, which was classified as problematic, has been found in elunez eladmin 2.7. Affected by this issue is some unknown functionality of the file /api/database/testConnect of the component Maintenance Management Module. The manipulation leads to deserialization. The attack may be...

CVSS 5.3 · AI score 7.1 · EPSS 0.00396
Exploits: 0 · References: 4

Cvelist
added 2025/04/04 3:0 p.m. · 14 views

CVE-2025-3250 elunez eladmin Maintenance Management Module testConnect deserialization

A vulnerability, which was classified as problematic, has been found in elunez eladmin 2.7. Affected by this issue is some unknown functionality of the file /api/database/testConnect of the component Maintenance Management Module. The manipulation leads to deserialization. The attack may be...

CVSS 5.3 · EPSS 0.00396
Exploits: 0 · References: 4

CVE
added 2025/04/04 3:0 p.m. · 101 views

CVE-2025-3250

CVE-2025-3250 affects elunez eladmin 2.7, specifically deserialization in the Maintenance Management Module’s /api/database/testConnect endpoint. Publicly disclosed exploit suggests remote access is possible. Several connected sources corroborate a deserialization flaw in an unknown functionality...

CVSS 6.5 · AI score 4.6 · EPSS 0.00396
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2025/04/04 12:0 a.m. · 3 views

PT-2025-14904 · Unknown · Elunez Eladmin

Name of the Vulnerable Software and Affected Versions: elunez eladmin version 2.7 Description: A problematic issue has been found in the Maintenance Management Module, affecting some unknown functionality of the file "/api/database/testConnect". This issue leads to deserialization and can be...

CVSS 6.5 · AI score 4.4 · EPSS 0.00396
Exploits: 0 · References: 8

CNNVD
added 2025/04/04 12:0 a.m. · 3 views

ELADMIN code issue vulnerability

ELADMIN is a backend management system for elunez individual developers. A code issue vulnerability exists in ELADMIN version 2.7 that stems from deserialization...

CVSS 6.5 · AI score 5.1 · EPSS 0.00396
Exploits: 0 · References: 4

RedhatCVE
added 2025/03/31 4:37 p.m. · 32 views

CVE-2024-44676

eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController.java...

CVSS 6.1 · AI score 6.3 · EPSS 0.00471
Exploits: 2 · References: 1

RedhatCVE
added 2025/03/31 4:37 p.m. · 17 views

CVE-2024-44677

eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component...

CVSS 9.8 · AI score 7.5 · EPSS 0.00497
Exploits: 2 · References: 1