Luckyframeweb Security Vulnerabilities and Issues — Luckyframeweb CVE List

Lucene search

LuckyframeLuckyframeweb

5 matches found

CVE•added 2023/02/17 7:15 a.m.•94 views

CVE-2023-24220

LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml.

9.8CVSS9.7AI score0.00253EPSS

CVE•added 2024/05/23 5:15 p.m.•72 views

CVE-2024-35081

LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter in the fileDownload method.

7.5CVSS7.4AI score0.00278EPSS

CVE•added 2024/05/06 8:15 p.m.•42 views

CVE-2024-33118

LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulnerability via the fileDownload method in class com.luckyframe.project.common.CommonController.

7.5CVSS7.3AI score0.0013EPSS

CVE•added 2023/02/17 7:15 a.m.•37 views

CVE-2023-24219

LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml.

9.8CVSS9.7AI score0.00253EPSS

CVE•added 2023/02/17 7:15 a.m.•30 views

CVE-2023-24221

LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml.

9.8CVSS9.7AI score0.00253EPSS