4 matches found
EUVD-2026-31983
MaxKB is an open-source AI assistant for enterprise. MaxKB versions prior to 2.8.1 (v2.8.0 and earlier) are vulnerable to a server-side request forgery (SSRF) bypass in the OSS file service URL fetch endpoint, chat/api/oss/geturl. The vulnerability exists due to inconsistent URL parsing between the urlparse...
CVE-2023-2420 MLECMS common.func.php get_url sql injection
A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function get_url in the library /upload/inc/lib/admin of the file upload\inc\include\common.func.php. The manipulation of the argument $_SERVER['REQUEST_URI'] leads to sql injection. The attack may be...
CVE-2023-2420
MLECMS 3.0 contains a SQL injection in the get_url function of the /upload/inc/lib/admin module, triggered by manipulating $_SERVER['REQUEST_URI']. This CVE-2023-2420 entry states remote exploitability and public disclosure, rating the issue as CRITICAL per the description. Connected sources cons...
CVE-2023-2420 MLECMS common.func.php get_url sql injection
A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function get_url in the library /upload/inc/lib/admin of the file upload\inc\include\common.func.php. The manipulation of the argument $_SERVER['REQUEST_URI'] leads to sql injection. The attack may be...