A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. This affects an unknown part of the file index.php?module=system&action=uploadImg. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-239799.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-09-15
Updated
2024-03-21
A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. Affected by this issue is some unknown functionality of the file index.php?module=api&action=user&m=upload of the component POST Request Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-238160.
Max CVSS
9.8
EPSS Score
0.14%
Published
2023-08-27
Updated
2024-03-21
LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained.
Max CVSS
7.5
EPSS Score
0.18%
Published
2022-06-23
Updated
2022-06-29
SQL injection exists in LaiKetui v3.5.0 the background administrator list.
Max CVSS
7.2
EPSS Score
0.09%
Published
2022-06-23
Updated
2022-06-29
Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker to execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.30%
Published
2022-06-23
Updated
2022-06-29
LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl parameter.
Max CVSS
8.1
EPSS Score
0.18%
Published
2021-06-15
Updated
2021-06-21
LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname.
Max CVSS
8.8
EPSS Score
0.32%
Published
2021-06-15
Updated
2021-06-21
Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component '/index.php?module=member&action=add'.
Max CVSS
8.8
EPSS Score
0.20%
Published
2021-09-15
Updated
2022-09-13
8 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!