28 matches found
CVE-2023-42180
An arbitrary file upload vulnerability in the /user/upload component of lenosp 1.0-1.2.0 allows attackers to execute html code via a crafted JPG file...
PT-2023-28285
Name of the Vulnerable Software and Affected Versions Lenosp versions 1.0.0 through 1.2.0 Description The issue concerns SQL Injection via the log query module. Recommendations For versions 1.0.0 through 1.2.0, consider restricting access to the log query module to minimize the risk of...
CVE-2023-42178
Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log query module...
CVE-2023-42180
An arbitrary file upload vulnerability in the /user/upload component of lenosp 1.0-1.2.0 allows attackers to execute html code via a crafted JPG file...
CVE-2023-42178
Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log query module...
Lenosp SQL Injection Vulnerability
Lenosp is a Spring Boot 2.0 rapid development modular scaffolding organized by Zhengzhou Programmers zzdevelop in China. A security vulnerability exists in Lenosp versions 1.0.0 through 1.2.0, which stems from easy SQL injection via the Log Query module...
CVE-2023-42178
Lenosp versions 1.0.0–1.2.0 are vulnerable to SQL Injection via the log query module. The connected documents confirm the affected range and the module as the entry point, but do not provide exploit specifics. PT-2023-28285 suggests restricting access to the log query module as a mitigation until...
CVE-2023-42180
CVE-2023-42180 affects lenosp versions 1.0–1.2.0. The vulnerability is an arbitrary file upload in the /user/upload component that allows an attacker to execute HTML code through a crafted JPG file. This is a root-cause issue in handling file uploads rather than a traditional code-path flaw, as r...