Luckyframeweb CVEs and Security Vulnerabilities - OpenCVE

Filtered by vendor Luckyframe Subscriptions

Filtered by product Luckyframeweb Subscriptions

Search

Switch to Advanced Search (Beta)

Total 5 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-24221	1 Luckyframe	1 Luckyframeweb	2025-03-18	9.8 Critical
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml.
CVE-2023-24220	1 Luckyframe	1 Luckyframeweb	2025-03-18	9.8 Critical
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml.
CVE-2023-24219	1 Luckyframe	1 Luckyframeweb	2025-03-18	9.8 Critical
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml.
CVE-2024-35081	1 Luckyframe	1 Luckyframeweb	2025-02-13	7.5 High
LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter in the fileDownload method.
CVE-2024-33118	1 Luckyframe	1 Luckyframeweb	2024-11-21	7.5 High
LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulnerability via the fileDownload method in class com.luckyframe.project.common.CommonController.

Page 1 of 1.