5 matches found
CVE-2024-2825
CVE-2024-2825 (lakernote EasyAdmin) : A critical path-traversal vulnerability affects an unknown part of the file /ureport/designer/saveReportFile. Manipulating the file argument enables path traversal (e.g., ../filedir) and can be exploited remotely. Multiple sources confirm the issue for lakern...
CVE-2024-2826
CVE-2024-2826 affects lakernote EasyAdmin up to 20240315. Affected component: /ureport/designer/saveReportFile. Root cause: XML External Entity (XXE) reference leading to potential remote exploitation. Impact: stated as high for confidentiality, integrity, and availability per NVD CVSS details. E...
CVE-2024-2828
CVE-2024-2828 affects lakernote EasyAdmin, specifically the function thumbnail in src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The issue arises from manipulation of the argument url, leading to a server-side request forgery (SSRF) . Exploitation was disclosed publicly...
CVE-2024-2827
CVE-2024-2827 affects lakernote EasyAdmin (up to 20240315). The vulnerability is a server-side request forgery targeting the file path "/ureport/designer/saveReportFile", enabling a remote attacker to trigger SSRF. Public disclosure and multiple sources confirm exploitation potential; CVSS metric...
CVE-2024-5383
CVE-2024-5383 affects lakernote EasyAdmin up to 20240324, with a cross-site scripting flaw in the /sys/file/upload handler. The vulnerability arises from manipulation of the file parameter, enabling remote exploitation. Publicly disclosed exploit details exist. Patch identifier: 9c8a836ace17a93c4...