Zheng Jie

3 exploits Active since Sep 2024
CVE-2024-44676 WRITEUP MEDIUM WRITEUP
eladmin < 2.7 - Cross-Site Scripting via LocalStoreController
eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController. java.
CVSS 4.8
CVE-2024-44677 WRITEUP CRITICAL WRITEUP
eladmin < 2.7 - Server-Side Request Forgery via DatabaseController.java
eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component.
CVSS 9.8
CVE-2025-70997 WRITEUP MEDIUM STUB
eladmin < 2.7 - Unauthenticated Arbitrary Password Reset
A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary user password reset under any user permission level.
CVSS 6.5