Laiketui

laiketui

Vendor: Laiketui • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-4988 1Laiketui 1Laiketui Jun 17, 2026 Sep 15, 2023 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. This affects an unknown part of the file index.php?module=system&action=uploadImg. The manipulation of the argument imgFile leads to...Show more A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. This affects an unknown part of the file index.php?module=system&action=uploadImg. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-239799.Show less
CVE-2023-4559 1Laiketui 1Laiketui Jun 17, 2026 Aug 27, 2023 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. Affected by this issue is some unknown functionality of the file index.php?module=api&action=user&m=upload of the component POST R...Show more A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. Affected by this issue is some unknown functionality of the file index.php?module=api&action=user&m=upload of the component POST Request Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-238160.Show less
CVE-2021-40956 1Laiketui 1Laiketui Jun 17, 2026 Jun 23, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained.
CVE-2021-40955 1Laiketui 1Laiketui Jun 17, 2026 Jun 23, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 SQL injection exists in LaiKetui v3.5.0 the background administrator list.
CVE-2021-40954 1Laiketui 1Laiketui Jun 17, 2026 Jun 23, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker to execute arbitrary code.
CVE-2020-19159 1Laiketui 1Laiketui Jun 17, 2026 Sep 15, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component '/index.php?module=member&action=add'.
CVE-2021-34129 1Laiketui 1Laiketui Jun 17, 2026 Jun 15, 2021 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via direc...Show more LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl parameter.Show less
CVE-2021-34128 1Laiketui 1Laiketui Jun 17, 2026 Jun 15, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pa...Show more LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname.Show less