VYPR
Vendor

Landray

Products
2
CVEs
6
Across products
6
Status
Private

Products

2

Recent CVEs

6
  • CVE-2023-41566HigJul 17, 2025
    risk 0.53cvss 8.1epss 0.00

    OA EKP v16 was discovered to contain an arbitrary download vulnerability via the component /ui/sys_ui_extend/sysUiExtend.do. This vulnerability allows attackers to obtain the password of the background administrator and further obtain database permissions.

  • CVE-2024-11238MedNov 15, 2024
    risk 0.43cvss 6.5epss 0.06

    A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sys_ui_component/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal.…

  • CVE-2024-48068MedNov 15, 2024
    risk 0.40cvss 6.1epss 0.00

    A cross-site scripting (XSS) vulnerability in Shenzhen Landray Software Co.,LTD Landray EKP v16 and earlier allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

  • CVE-2024-11239MedNov 15, 2024
    risk 0.35cvss 5.4epss 0.01

    A vulnerability has been found in Landray EKP up to 16.0 and classified as critical. This vulnerability affects the function deleteFile of the file /sys/common/import.do?method=deleteFile of the component API Interface. The manipulation of the argument folder leads to path…

  • CVE-2021-3159MedJul 23, 2021
    risk 0.35cvss 5.4epss 0.01

    A stored cross site scripting (XSS) vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG, SHTML, or MHT file.

  • CVE-2025-22214MedJan 2, 2025
    risk 0.28cvss 4.3epss 0.01

    Landray EIS 2001 through 2006 allows Message/fi_message_receiver.aspx?replyid= SQL injection.