Vulnerabilities > Luckyframe

DATE CVE VULNERABILITY TITLE RISK
2023-02-17 CVE-2023-24219 SQL Injection vulnerability in Luckyframe Luckyframeweb 3.5
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml.
network
low complexity
luckyframe CWE-89
critical
9.8
2023-02-17 CVE-2023-24220 SQL Injection vulnerability in Luckyframe Luckyframeweb 3.5
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml.
network
low complexity
luckyframe CWE-89
critical
9.8
2023-02-17 CVE-2023-24221 SQL Injection vulnerability in Luckyframe Luckyframeweb 3.5
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml.
network
low complexity
luckyframe CWE-89
critical
9.8