laiketui 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk sql injection、vendor risk csrf, and パス処理の欠陥 があり、vendor surface production workloads and vendor surface software deployment の利用場面で vendor impact data exposure and ファイル上書き などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-4988 | A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. This affects an unknown part of the file index.php?module=system&action=uploadImg. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-239799. | [email protected] | 6.3 | 0.50% | 2023-09-15 | 2024-11-21 |
| CVE-2023-4559 | A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. Affected by this issue is some unknown functionality of the file index.php?module=api&action=user&m=upload of the component POST Request Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulner | [email protected] | 6.3 | 0.52% | 2023-08-27 | 2024-11-21 |
| CVE-2021-40956 | LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained. | [email protected] | 7.5 | 0.93% | 2022-06-23 | 2024-11-21 |
| CVE-2021-40955 | SQL injection exists in LaiKetui v3.5.0 the background administrator list. | [email protected] | 7.2 | 0.83% | 2022-06-23 | 2024-11-21 |
| CVE-2021-40954 | Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker to execute arbitrary code. | [email protected] | 9.8 | 1.39% | 2022-06-23 | 2024-11-21 |
| CVE-2020-19159 | Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component '/index.php?module=member&action=add'. | [email protected] | 8.8 | 0.97% | 2021-09-15 | 2024-11-21 |
| CVE-2021-34129 | LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl parameter. | [email protected] | 8.1 | 1.75% | 2021-06-15 | 2024-11-21 |
| CVE-2021-34128 | LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname. | [email protected] | 8.8 | 1.49% | 2021-06-15 | 2024-11-21 |