VYPR

Laiketui

by Bettershop

CVEs (6)

  • CVE-2021-34128HigJun 15, 2021
    risk 0.57cvss 8.8epss 0.01

    LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname.

  • CVE-2021-34129HigJun 15, 2021
    risk 0.53cvss 8.1epss 0.02

    LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl…

  • CVE-2021-40956HigJun 23, 2022
    risk 0.49cvss 7.5epss 0.01

    LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained.

  • CVE-2021-40955HigJun 23, 2022
    risk 0.47cvss 7.2epss 0.01

    SQL injection exists in LaiKetui v3.5.0 the background administrator list.

  • CVE-2023-4988MedSep 15, 2023
    risk 0.41cvss 6.3epss 0.01

    A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. This affects an unknown part of the file index.php?module=system&action=uploadImg. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to initiate the attack…

  • CVE-2023-4559MedAug 27, 2023
    risk 0.41cvss 6.3epss 0.01

    A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. Affected by this issue is some unknown functionality of the file index.php?module=api&action=user&m=upload of the component POST Request Handler. The manipulation leads to unrestricted…