CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-34129

LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 74.3%

CVSS Severity

CVSS v3 Score 8.1

CVSS v2 Score 5.5

References

https://github.com/bettershop/LaikeTui/issues/9
https://github.com/bettershop/LaikeTui/issues/9

Products affected by CVE-2021-34129

Laiketui » Laiketui » Version: 3.5.0

cpe:2.3:a:laiketui:laiketui:3.5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-34129

Products

Pricing

Contact Us