Laiketui
by Bettershop
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-34128 | Hig | 0.57 | 8.8 | 0.01 | Jun 15, 2021 | LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname. | ||
| CVE-2021-34129 | Hig | 0.53 | 8.1 | 0.02 | Jun 15, 2021 | LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl… | ||
| CVE-2021-40956 | Hig | 0.49 | 7.5 | 0.01 | Jun 23, 2022 | LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained. | ||
| CVE-2021-40955 | Hig | 0.47 | 7.2 | 0.01 | Jun 23, 2022 | SQL injection exists in LaiKetui v3.5.0 the background administrator list. | ||
| CVE-2023-4988 | Med | 0.41 | 6.3 | 0.01 | Sep 15, 2023 | A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. This affects an unknown part of the file index.php?module=system&action=uploadImg. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to initiate the attack… | ||
| CVE-2023-4559 | Med | 0.41 | 6.3 | 0.01 | Aug 27, 2023 | A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. Affected by this issue is some unknown functionality of the file index.php?module=api&action=user&m=upload of the component POST Request Handler. The manipulation leads to unrestricted… |
- risk 0.57cvss 8.8epss 0.01
LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname.
- risk 0.53cvss 8.1epss 0.02
LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl…
- risk 0.49cvss 7.5epss 0.01
LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained.
- risk 0.47cvss 7.2epss 0.01
SQL injection exists in LaiKetui v3.5.0 the background administrator list.
- risk 0.41cvss 6.3epss 0.01
A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. This affects an unknown part of the file index.php?module=system&action=uploadImg. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to initiate the attack…
- risk 0.41cvss 6.3epss 0.01
A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. Affected by this issue is some unknown functionality of the file index.php?module=api&action=user&m=upload of the component POST Request Handler. The manipulation leads to unrestricted…