VYPR

vaeThink

by Tingyuu

CVEs (4)

  • CVE-2020-19302CriAug 3, 2021
    risk 0.64cvss 9.8epss 0.02

    An arbitrary file upload vulnerability in the avatar upload function of vaeThink v1.0.1 allows attackers to open a webshell via changing uploaded file suffixes to ".php".

  • CVE-2020-19301CriAug 3, 2021
    risk 0.64cvss 9.8epss 0.03

    A vulnerability in the vae_admin_rule database table of vaeThink v1.0.1 allows attackers to execute arbitrary code via a crafted payload in the condition parameter.

  • CVE-2024-38971MedJul 9, 2024
    risk 0.35cvss 5.4epss 0.00

    vaeThink 1.0.2 is vulnerable to stored Cross Site Scripting (XSS) in the system backend.

  • CVE-2024-38970MedJul 9, 2024
    risk 0.32cvss 4.9epss 0.00

    vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management administrator function.