4 matches found
CVE-2021-34129
LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl parameter...
CVE-2021-40955
SQL injection exists in LaikeTui v3.5.0 in the background administrator list...
CVE-2020-19159
Cross-Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component '/index.php?module=member=add'...
LaikeTui Path Traversal Vulnerability
LaikeTui (Laike e-commerce) is a stable, small open source mall system for individual developers. LaikeTui has a path traversal vulnerability that an attacker can exploit to delete arbitrary files...