CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-29378
https://notcve.org/view.php?id=CVE-2021-29378
SQL Injection in pear-admin-think version 2.1.2, allows attackers to execute arbitrary code and escalate privileges via crafted GET request to Crud.php. SQL Injection en pear-admin-think versión 2.1.2, permite a los atacantes ejecutar código arbitrario y escalar privilegios a través de una petición GET a Crud.php. • https://gitee.com/pear-admin/Pear-Admin-Think/issues/I3DIEC • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-23903
https://notcve.org/view.php?id=CVE-2022-23903
A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-admin-think <=5.0.6, which allows a login account to access arbitrary functions and cause stored XSS through a fake User-Agent. se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en pearadmin pear-admin-think versiones anteriores a 5.0.6 incluyéndola, que permite a una cuenta de acceso acceder a funciones arbitrarias y causar una vulnerabilidad de tipo XSS almacenado mediante un User-Agent falso • https://github.com/pearadmin/pear-admin-think/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •