Vulnerabilities > Laiketui > Laiketui > 3.5.0

DATE CVE VULNERABILITY TITLE RISK
2022-06-23 CVE-2021-40954 Unrestricted Upload of File with Dangerous Type vulnerability in Laiketui 3.5.0
Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker to execute arbitrary code.
network
low complexity
laiketui CWE-434
7.5
7.5
2022-06-23 CVE-2021-40955 SQL Injection vulnerability in Laiketui 3.5.0
SQL injection exists in LaiKetui v3.5.0 the background administrator list.
network
low complexity
laiketui CWE-89
6.5
6.5
2022-06-23 CVE-2021-40956 SQL Injection vulnerability in Laiketui 3.5.0
LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained.
network
low complexity
laiketui CWE-89
5.0
5.0
2021-06-15 CVE-2021-34128 Unrestricted Upload of File with Dangerous Type vulnerability in Laiketui 3.5.0
LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname.
network
low complexity
laiketui CWE-434
6.5
6.5
2021-06-15 CVE-2021-34129 Path Traversal vulnerability in Laiketui 3.5.0
LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner.
network
low complexity
laiketui CWE-22
5.5
5.5