cool-team-official

CVE-2024-57408 WRITEUP HIGH STUB

cool-admin-java 1.0 - Arbitrary File Upload via /comm/upload Endpoint

An arbitrary file upload vulnerability in the component /comm/upload of cool-admin-java v1.0 allows attackers to execute arbitrary code via uploading a crafted file.

CVSS 7.2

View Code

CVE-2024-57409 WRITEUP MEDIUM STUB

cool-admin-java 1.0 - Stored Cross-Site Scripting via Internet Pictures Field

A stored cross-site scripting (XSS) vulnerability in the Parameter List module of cool-admin-java v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the internet pictures field.

CVSS 4.8

View Code