Laiketui: >> Laiketui >> 3.5.0 Security Vulnerabilities
Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.01
Published
2022-06-23
SQL injection exists in LaiKetui v3.5.0 the background administrator list.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-06-23
LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-06-23
LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname.
CVSS Score
8.8
EPSS Score
0.007
Published
2021-06-15
LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl parameter.
CVSS Score
8.1
EPSS Score
0.009
Published
2021-06-15