CVE-2024-51242
https://notcve.org/view.php?id=CVE-2024-51242
30 Oct 2024 — A Server-Side Request Forgery (SSRF) vulnerability has been identified in eladmin 2.7 and earlier in ServerDeployController.java. Manipulation of the `ip` parameter in the HTTP body leads to SSRF. • https://github.com/shadia0/Patienc/blob/main/eladmin_ssrf.md • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2024-51243
https://notcve.org/view.php?id=CVE-2024-51243
30 Oct 2024 — eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that allows control of all application deployment servers of this management system via DeployController.java. • https://github.com/shadia0/Patienc/blob/main/eladmin_rce.md • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-44676
https://notcve.org/view.php?id=CVE-2024-44676
10 Sep 2024 — eladmin v2.7 and before is vulnerable to Cross-Site Scripting (XSS), which allows an attacker to execute arbitrary code via LocalStoreController.java. • https://github.com/jcxj/jcxj/blob/master/source/_posts/eladmin-%E5%A4%8D%E7%8E%B0.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-44677
https://notcve.org/view.php?id=CVE-2024-44677
10 Sep 2024 — eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to execute arbitrary code via the DatabaseController.java component. • https://github.com/jcxj/jcxj/blob/master/source/_posts/eladmin-%E5%A4%8D%E7%8E%B0.md • CWE-352: Cross-Site Request Forgery (CSRF)