By-Yexing

5 exploits Active since Feb 2024
CVE-2024-23052 WRITEUP CRITICAL WRITEUP
WuKongOpenSource WukongCRM <9.0.1 - RCE
An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() function in the fastjson component.
CVSS 9.8
CVE-2024-24059 WRITEUP MEDIUM WRITEUP
springboot-manager 1.6 - Arbitrary File Upload
springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files.
CVSS 5.4
CVE-2024-24060 WRITEUP MEDIUM WRITEUP
springboot-manager v1.6 - Stored Cross-Site Scripting via /sys/user
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user.
CVSS 5.4
CVE-2024-24061 WRITEUP MEDIUM WRITEUP
springboot-manager v1.6 - Stored Cross-Site Scripting via /sysContent/add
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add.
CVSS 5.4
CVE-2024-24062 WRITEUP MEDIUM WRITEUP
springboot-manager 1.6 - Stored Cross-Site Scripting via /sys/role
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/role.
CVSS 5.4