Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Laiketui Subscribe
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-19159 1 Laiketui 1 Laiketui 2022-09-13 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component '/index.php?module=member&action=add'.
CVE-2021-40956 1 Laiketui 1 Laiketui 2022-06-29 5.0 MEDIUM 7.5 HIGH
LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained.
CVE-2021-40955 1 Laiketui 1 Laiketui 2022-06-29 6.5 MEDIUM 7.2 HIGH
SQL injection exists in LaiKetui v3.5.0 the background administrator list.
CVE-2021-40954 1 Laiketui 1 Laiketui 2022-06-29 7.5 HIGH 9.8 CRITICAL
Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker to execute arbitrary code.
CVE-2021-34128 1 Laiketui 1 Laiketui 2021-06-21 6.5 MEDIUM 8.8 HIGH
LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname.
CVE-2021-34129 1 Laiketui 1 Laiketui 2021-06-21 5.5 MEDIUM 8.1 HIGH
LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl parameter.