Vulnerabilities > Laiketui > Laiketui
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-15 | CVE-2023-4988 | Unrestricted Upload of File with Dangerous Type vulnerability in Laiketui A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. | 9.8 |
| 2023-08-27 | CVE-2023-4559 | Unrestricted Upload of File with Dangerous Type vulnerability in Laiketui A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. | 9.8 |
| 2022-06-23 | CVE-2021-40954 | Unrestricted Upload of File with Dangerous Type vulnerability in Laiketui 3.5.0 Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker to execute arbitrary code. | 7.5 |
| 2022-06-23 | CVE-2021-40955 | SQL Injection vulnerability in Laiketui 3.5.0 SQL injection exists in LaiKetui v3.5.0 the background administrator list. | 6.5 |
| 2022-06-23 | CVE-2021-40956 | SQL Injection vulnerability in Laiketui 3.5.0 LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained. | 5.0 |
| 2021-09-15 | CVE-2020-19159 | Cross-Site Request Forgery (CSRF) vulnerability in Laiketui 3.0 Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component '/index.php?module=member&action=add'. | 6.8 |
| 2021-06-15 | CVE-2021-34128 | Unrestricted Upload of File with Dangerous Type vulnerability in Laiketui 3.5.0 LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname. | 6.5 |
| 2021-06-15 | CVE-2021-34129 | Path Traversal vulnerability in Laiketui 3.5.0 LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. | 5.5 |