Lucene search
K
LakernoteEasyadmin

5 matches found

CVE
CVE
added 2024/03/22 6:31 p.m.85 views

CVE-2024-2825

CVE-2024-2825 (lakernote EasyAdmin) : A critical path-traversal vulnerability affects an unknown part of the file /ureport/designer/saveReportFile. Manipulating the file argument enables path traversal (e.g., ../filedir) and can be exploited remotely. Multiple sources confirm the issue for lakern...

8.8CVSS6.5AI score0.00733EPSS
Web
CVE
CVE
added 2024/03/22 7:0 p.m.70 views

CVE-2024-2826

CVE-2024-2826 affects lakernote EasyAdmin up to 20240315. Affected component: /ureport/designer/saveReportFile. Root cause: XML External Entity (XXE) reference leading to potential remote exploitation. Impact: stated as high for confidentiality, integrity, and availability per NVD CVSS details. E...

8.8CVSS6.5AI score0.00628EPSS
Web
CVE
CVE
added 2024/03/22 7:31 p.m.70 views

CVE-2024-2828

CVE-2024-2828 affects lakernote EasyAdmin, specifically the function thumbnail in src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The issue arises from manipulation of the argument url, leading to a server-side request forgery (SSRF) . Exploitation was disclosed publicly...

8.8CVSS6.5AI score0.00556EPSS
CVE
CVE
added 2024/03/22 7:0 p.m.67 views

CVE-2024-2827

CVE-2024-2827 affects lakernote EasyAdmin (up to 20240315). The vulnerability is a server-side request forgery targeting the file path "/ureport/designer/saveReportFile", enabling a remote attacker to trigger SSRF. Public disclosure and multiple sources confirm exploitation potential; CVSS metric...

8.8CVSS6.5AI score0.00562EPSS
CVE
CVE
added 2024/05/26 11:0 p.m.67 views

CVE-2024-5383

CVE-2024-5383 affects lakernote EasyAdmin up to 20240324, with a cross-site scripting flaw in the /sys/file/upload handler. The vulnerability arises from manipulation of the file parameter, enabling remote exploitation. Publicly disclosed exploit details exist. Patch identifier: 9c8a836ace17a93c4...

5.4CVSS3.7AI score0.00337EPSS
Web