CVE-2024-2826

MEDIUM

Lakernote Easyadmin < 2024-03-15 - XXE

Title source: rule

Description

A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257716.

Exploits (1)

gitee 1,842 stars

by lakernote · javawriteup

https://gitee.com/lakernote/easy-admin/issues/I98ZTA

References (3)

[Exploit, Issue Tracking] https://gitee.com/lakernote/easy-admin/issues/I98ZTA

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.257716

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.257716

Scores

CVSS v3 6.3

EPSS 0.0008

EPSS Percentile 23.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-611

Status published

Products (1)

lakernote/easyadmin < 2024-03-15

Published Mar 22, 2024

Tracked Since Feb 18, 2026