MidnightBSD

Advisories for linqi

CVE-2024-33863

An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/Cdn/GetFile local file inclusion.

Products Affected

Vendor Product Version
linqi linqi *
CVE-2024-33864

An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation via malicious JavaScript.

Products Affected

Vendor Product Version
linqi linqi *
CVE-2024-33865

An issue was discovered in linqi before 1.4.0.1 on Windows. There is an NTLM hash leak via the /api/Cdn/GetFile and /api/DocumentTemplate/{GUID] endpoints.

Products Affected

Vendor Product Version
linqi linqi *
CVE-2024-33866

An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/DocumentTemplate/{GUID] XSS.

Products Affected

Vendor Product Version
linqi linqi *
CVE-2024-33867

An issue was discovered in linqi before 1.4.0.1 on Windows. There is a hardcoded password salt.

Products Affected

Vendor Product Version
linqi linqi *
CVE-2024-33868

An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP injection.

Products Affected

Vendor Product Version
linqi linqi *