MidnightBSD

Advisories for vaethink

CVE-2020-19301 HIGH

A vulnerability in the vae_admin_rule database table of vaeThink v1.0.1 allows attackers to execute arbitrary code via a crafted payload in the condition parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-863,

Products Affected

Vendor Product Version
vaethink vaethink 1.0.1
CVE-2020-19302 HIGH

An arbitrary file upload vulnerability in the avatar upload function of vaeThink v1.0.1 allows attackers to open a webshell via changing uploaded file suffixes to ".php".

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
vaethink vaethink 1.0.1
CVE-2024-38970

vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management administrator function.

Products Affected

Vendor Product Version
vaethink vaethink 1.0.2
CVE-2024-38971

vaeThink 1.0.2 is vulnerable to stored Cross Site Scripting (XSS) in the system backend.

Products Affected

Vendor Product Version
vaethink vaethink 1.0.2