Alldata Security Vulnerabilities and Issues — Alldata CVE List

Lucene search

AlldataAlldata

7 matches found

CVE•added 2024/04/02 9:15 p.m.•77 views

CVE-2024-27602

Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of many modules interface documents have been leaked.For example, the /api/system/v2/api-docs module.

9.1CVSS6.9AI score0.00141EPSS

CVE•added 2024/04/02 9:15 p.m.•63 views

CVE-2024-27604

Alldata V0.4.6 is vulnerable to Command execution vulnerability. System commands can be deserialized.

9.8CVSS7.2AI score0.00181EPSS

CVE•added 2024/04/02 9:15 p.m.•49 views

CVE-2024-29432

Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas.

9.8CVSS8.2AI score0.00118EPSS

CVE•added 2024/04/01 8:15 p.m.•44 views

CVE-2024-29433

A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to execute arbitrary commands via supplying crafted data.

9.8CVSS7.7AI score0.00095EPSS

CVE•added 2024/04/02 9:15 p.m.•43 views

CVE-2024-27605

Alldata V0.4.6 is vulnerable to Insecure Permissions. Using users (test) can query information about the users in the system.

7.5CVSS6.4AI score0.00112EPSS

CVE•added 2024/04/02 10:15 p.m.•39 views

CVE-2024-29434

An issue in the system image upload interface of Alldata v0.4.6 allows attackers to execute a directory traversal when uploading a file.

8.3CVSS7.1AI score0.00494EPSS

CVE•added 2024/04/01 8:15 p.m.•37 views

CVE-2024-29435

An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter.

4.1CVSS7.1AI score0.00099EPSS