VYPR

LuckyFrameWeb

by LuckyFrameWeb

CVEs (5)

  • CVE-2023-24221CriFeb 17, 2023
    risk 0.64cvss 9.8epss 0.01

    LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml.

  • CVE-2023-24220CriFeb 17, 2023
    risk 0.64cvss 9.8epss 0.01

    LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml.

  • CVE-2023-24219CriFeb 17, 2023
    risk 0.64cvss 9.8epss 0.01

    LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml.

  • CVE-2024-35081HigMay 23, 2024
    risk 0.49cvss 7.5epss 0.00

    LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter in the fileDownload method.

  • CVE-2024-33118HigMay 6, 2024
    risk 0.49cvss 7.5epss 0.00

    LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulnerability via the fileDownload method in class com.luckyframe.project.common.CommonController.