CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-6241 – Pear Admin Boot getDictItems sql injection
https://notcve.org/view.php?id=CVE-2024-6241
A vulnerability was found in Pear Admin Boot up to 2.0.2 and classified as critical. This issue affects the function getDictItems of the file /system/dictData/getDictItems/. The manipulation with the input ,user(),1,1 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/pear-admin/Pear-Admin-Boot/issues/IA5IPQ https://gitee.com/pear-admin/Pear-Admin-Boot/issues/IA5KBS https://vuldb.com/?ctiid.269375 https://vuldb.com/?id.269375 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-29378
https://notcve.org/view.php?id=CVE-2021-29378
SQL Injection in pear-admin-think version 2.1.2, allows attackers to execute arbitrary code and escalate privileges via crafted GET request to Crud.php. SQL Injection en pear-admin-think versión 2.1.2, permite a los atacantes ejecutar código arbitrario y escalar privilegios a través de una petición GET a Crud.php. • https://gitee.com/pear-admin/Pear-Admin-Think/issues/I3DIEC • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30417
https://notcve.org/view.php?id=CVE-2023-30417
A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message. • https://gitee.com/pear-admin/Pear-Admin-Boot/issues/I6SXHX • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-23903
https://notcve.org/view.php?id=CVE-2022-23903
A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-admin-think <=5.0.6, which allows a login account to access arbitrary functions and cause stored XSS through a fake User-Agent. se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en pearadmin pear-admin-think versiones anteriores a 5.0.6 incluyéndola, que permite a una cuenta de acceso acceder a funciones arbitrarias y causar una vulnerabilidad de tipo XSS almacenado mediante un User-Agent falso • https://github.com/pearadmin/pear-admin-think/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-29377
https://notcve.org/view.php?id=CVE-2021-29377
Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely. A .php file can be uploaded via admin.php/index/upload because app/common/service/UploadService.php mishandles fileExt. Pear Admin Think versiones hasta 2.1.2, presenta una vulnerabilidad de carga de archivos arbitraria que permite a atacantes ejecutar código arbitrario remotamente. Un archivo .php puede ser cargado por medio del componente admin.php/index/upload porque el archivo app/common/service/UploadService.php maneja inapropiadamente fileExt. • https://gitee.com/pear-admin/Pear-Admin-Think/issues/I3DI3T • CWE-434: Unrestricted Upload of File with Dangerous Type •