Vendor
Tingyuu
Products
1
CVEs
4
Across products
4
Status
Private
Products
1- 4 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-19302 | Cri | 0.64 | 9.8 | 0.02 | Aug 3, 2021 | An arbitrary file upload vulnerability in the avatar upload function of vaeThink v1.0.1 allows attackers to open a webshell via changing uploaded file suffixes to ".php". | ||
| CVE-2020-19301 | Cri | 0.64 | 9.8 | 0.03 | Aug 3, 2021 | A vulnerability in the vae_admin_rule database table of vaeThink v1.0.1 allows attackers to execute arbitrary code via a crafted payload in the condition parameter. | ||
| CVE-2024-38971 | Med | 0.35 | 5.4 | 0.00 | Jul 9, 2024 | vaeThink 1.0.2 is vulnerable to stored Cross Site Scripting (XSS) in the system backend. | ||
| CVE-2024-38970 | Med | 0.32 | 4.9 | 0.00 | Jul 9, 2024 | vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management administrator function. |
- risk 0.64cvss 9.8epss 0.02
An arbitrary file upload vulnerability in the avatar upload function of vaeThink v1.0.1 allows attackers to open a webshell via changing uploaded file suffixes to ".php".
- risk 0.64cvss 9.8epss 0.03
A vulnerability in the vae_admin_rule database table of vaeThink v1.0.1 allows attackers to execute arbitrary code via a crafted payload in the condition parameter.
- risk 0.35cvss 5.4epss 0.00
vaeThink 1.0.2 is vulnerable to stored Cross Site Scripting (XSS) in the system backend.
- risk 0.32cvss 4.9epss 0.00
vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management administrator function.