4 matches found
CVE-2023-24221
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml...
PT-2024-25120 · Unknown · Luckyframeweb
Name of the Vulnerable Software and Affected Versions: LuckyFrameWeb version 3.5.2 Description: The issue is related to an arbitrary read vulnerability. It affects the fileDownload method in the class com.luckyframe.project.common.CommonController. Recommendations: For LuckyFrameWeb version 3.5.2...
CVE-2023-24219
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml...
CVE-2023-24221
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml...