Zheng Jie - Security Researcher - Exploit Intelligence Platform

CVE-2024-44676 WRITEUP MEDIUM WRITEUP

eladmin <2.7 - XSS

eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController. java.

CVSS 4.8

View Code

CVE-2024-44677 WRITEUP CRITICAL WRITEUP

eladmin <2.7 - SSRF

eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component.

CVSS 9.8

View Code

CVE-2025-70997 WRITEUP MEDIUM STUB

Eladmin < 2.7 - Incorrect Authorization

A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary user password reset under any user permission level.

CVSS 6.5

View Code