Search criteria
4 vulnerabilities found for LaikeTui by Bettershop
CVE-2023-4988 (GCVE-0-2023-4988)
Vulnerability from nvd – Published: 2023-09-15 15:00 – Updated: 2024-09-25 14:08
VLAI?
Title
Bettershop LaikeTui unrestricted upload
Summary
A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. This affects an unknown part of the file index.php?module=system&action=uploadImg. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-239799.
Severity ?
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-434 - Unrestricted Upload
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bettershop | LaikeTui |
Affected:
n/a
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.239799"
},
{
"tags": [
"signature",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.239799"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4988",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:01:36.415471Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T14:08:38.302Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LaikeTui",
"vendor": "Bettershop",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "yuanshen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. This affects an unknown part of the file index.php?module=system\u0026action=uploadImg. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-239799."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in Bettershop LaikeTui gefunden. Betroffen hiervon ist ein unbekannter Ablauf der Datei index.php?module=system\u0026action=uploadImg. Durch Beeinflussen des Arguments imgFile mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verf\u00fcgbar."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:26:47.021Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.239799"
},
{
"tags": [
"signature"
],
"url": "https://vuldb.com/?ctiid.239799"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-09-15T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-09-15T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-10-12T09:26:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "Bettershop LaikeTui unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4988",
"datePublished": "2023-09-15T15:00:09.019Z",
"dateReserved": "2023-09-15T06:27:11.094Z",
"dateUpdated": "2024-09-25T14:08:38.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4559 (GCVE-0-2023-4559)
Vulnerability from nvd – Published: 2023-08-27 22:31 – Updated: 2024-08-02 07:31
VLAI?
Title
Bettershop LaikeTui POST Request unrestricted upload
Summary
A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. Affected by this issue is some unknown functionality of the file index.php?module=api&action=user&m=upload of the component POST Request Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-238160.
Severity ?
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-434 - Unrestricted Upload
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bettershop | LaikeTui |
Affected:
n/a
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.238160"
},
{
"tags": [
"signature",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.238160"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"POST Request Handler"
],
"product": "LaikeTui",
"vendor": "Bettershop",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "p1nk (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. Affected by this issue is some unknown functionality of the file index.php?module=api\u0026action=user\u0026m=upload of the component POST Request Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-238160."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Bettershop LaikeTui entdeckt. Davon betroffen ist unbekannter Code der Datei index.php?module=api\u0026action=user\u0026m=upload der Komponente POST Request Handler. Durch Beeinflussen mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T15:02:20.305Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.238160"
},
{
"tags": [
"signature"
],
"url": "https://vuldb.com/?ctiid.238160"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-08-27T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-08-27T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-09-20T18:10:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "Bettershop LaikeTui POST Request unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4559",
"datePublished": "2023-08-27T22:31:06.420Z",
"dateReserved": "2023-08-27T06:15:03.172Z",
"dateUpdated": "2024-08-02T07:31:06.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4988 (GCVE-0-2023-4988)
Vulnerability from cvelistv5 – Published: 2023-09-15 15:00 – Updated: 2024-09-25 14:08
VLAI?
Title
Bettershop LaikeTui unrestricted upload
Summary
A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. This affects an unknown part of the file index.php?module=system&action=uploadImg. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-239799.
Severity ?
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-434 - Unrestricted Upload
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bettershop | LaikeTui |
Affected:
n/a
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.239799"
},
{
"tags": [
"signature",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.239799"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4988",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:01:36.415471Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T14:08:38.302Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LaikeTui",
"vendor": "Bettershop",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "yuanshen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. This affects an unknown part of the file index.php?module=system\u0026action=uploadImg. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-239799."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in Bettershop LaikeTui gefunden. Betroffen hiervon ist ein unbekannter Ablauf der Datei index.php?module=system\u0026action=uploadImg. Durch Beeinflussen des Arguments imgFile mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verf\u00fcgbar."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:26:47.021Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.239799"
},
{
"tags": [
"signature"
],
"url": "https://vuldb.com/?ctiid.239799"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-09-15T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-09-15T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-10-12T09:26:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "Bettershop LaikeTui unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4988",
"datePublished": "2023-09-15T15:00:09.019Z",
"dateReserved": "2023-09-15T06:27:11.094Z",
"dateUpdated": "2024-09-25T14:08:38.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4559 (GCVE-0-2023-4559)
Vulnerability from cvelistv5 – Published: 2023-08-27 22:31 – Updated: 2024-08-02 07:31
VLAI?
Title
Bettershop LaikeTui POST Request unrestricted upload
Summary
A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. Affected by this issue is some unknown functionality of the file index.php?module=api&action=user&m=upload of the component POST Request Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-238160.
Severity ?
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-434 - Unrestricted Upload
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bettershop | LaikeTui |
Affected:
n/a
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.238160"
},
{
"tags": [
"signature",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.238160"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"POST Request Handler"
],
"product": "LaikeTui",
"vendor": "Bettershop",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "p1nk (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. Affected by this issue is some unknown functionality of the file index.php?module=api\u0026action=user\u0026m=upload of the component POST Request Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-238160."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Bettershop LaikeTui entdeckt. Davon betroffen ist unbekannter Code der Datei index.php?module=api\u0026action=user\u0026m=upload der Komponente POST Request Handler. Durch Beeinflussen mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T15:02:20.305Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.238160"
},
{
"tags": [
"signature"
],
"url": "https://vuldb.com/?ctiid.238160"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-08-27T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-08-27T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-09-20T18:10:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "Bettershop LaikeTui POST Request unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4559",
"datePublished": "2023-08-27T22:31:06.420Z",
"dateReserved": "2023-08-27T06:15:03.172Z",
"dateUpdated": "2024-08-02T07:31:06.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}