cxcxcxcxcxc
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-35079 | Cri | 0.64 | 9.8 | 0.01 | May 23, 2024 | An arbitrary file upload vulnerability in the uploadAudio method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading a crafted .jsp file. | ||
| CVE-2024-33153 | Cri | 0.64 | 9.8 | 0.01 | May 7, 2024 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function. | ||
| CVE-2024-24026 | Cri | 0.64 | 9.8 | 0.01 | Feb 8, 2024 | An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download. | ||
| CVE-2024-33147 | Hig | 0.57 | 8.8 | 0.01 | May 7, 2024 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authRoleList function. | ||
| CVE-2024-35081 | Hig | 0.49 | 7.5 | 0.00 | May 23, 2024 | LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter in the fileDownload method. | ||
| CVE-2024-33118 | Hig | 0.49 | 7.5 | 0.00 | May 6, 2024 | LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulnerability via the fileDownload method in class com.luckyframe.project.common.CommonController. | ||
| CVE-2024-33148 | Hig | 0.47 | 7.3 | 0.00 | May 7, 2024 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the list function. | ||
| CVE-2024-35085 | Med | 0.35 | 5.4 | 0.00 | May 23, 2024 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in ProcessDefinitionMapper.xml. | ||
| CVE-2024-33117 | Med | 0.34 | 5.3 | 0.00 | May 6, 2024 | crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController. |
- risk 0.64cvss 9.8epss 0.01
An arbitrary file upload vulnerability in the uploadAudio method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading a crafted .jsp file.
- risk 0.64cvss 9.8epss 0.01
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function.
- risk 0.64cvss 9.8epss 0.01
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download.
- risk 0.57cvss 8.8epss 0.01
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authRoleList function.
- risk 0.49cvss 7.5epss 0.00
LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter in the fileDownload method.
- risk 0.49cvss 7.5epss 0.00
LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulnerability via the fileDownload method in class com.luckyframe.project.common.CommonController.
- risk 0.47cvss 7.3epss 0.00
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the list function.
- risk 0.35cvss 5.4epss 0.00
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in ProcessDefinitionMapper.xml.
- risk 0.34cvss 5.3epss 0.00
crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController.