l1uyi

4 exploits Active since Sep 2024
CVE-2024-44676 WRITEUP MEDIUM WRITEUP
eladmin < 2.7 - Cross-Site Scripting via LocalStoreController
eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController. java.
CVSS 4.8
CVE-2024-44677 WRITEUP CRITICAL WRITEUP
eladmin < 2.7 - Server-Side Request Forgery via DatabaseController.java
eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component.
CVSS 9.8
CVE-2024-57151 WRITEUP MEDIUM WRITEUP
rainrocka xinhu <2.6.5 - SQL Injection
SQL Injection vulnerability in rainrocka xinhu v.2.6.5 and before allows a remote attacker to execute arbitrary code via the inputAction.php file and the saveAjax function
CVSS 6.8
CVE-2025-29446 WRITEUP LOW WRITEUP
open_webui 0.5.16 - Server-Side Request Forgery in verify_connection Function
open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection.
CVSS 3.3