Search
Search Results (9 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | 
|---|---|---|---|---|
| CVE-2025-8530 | 2 Eladmin, Elunez | 2 Eladmin, Eladmin | 2025-09-12 | 5.3 Medium | 
| A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file eladmin-system\src\main\resources\config\application-prod.yml of the component Druid. The manipulation of the argument login-username/login-password leads to use of default credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-51242 | 1 Eladmin | 1 Eladmin | 2025-05-17 | 6.5 Medium | 
| A Server-Side Request Forgery (SSRF) vulnerability has been identified in eladmin 2.7 and earlier in ServerDeployController.java. The manipulation of the HTTP Body ip parameter leads to SSRF. | ||||
| CVE-2025-3250 | 1 Eladmin | 1 Eladmin | 2025-05-15 | 4.3 Medium | 
| A vulnerability, which was classified as problematic, has been found in elunez eladmin 2.7. Affected by this issue is some unknown functionality of the file /api/database/testConnect of the component Maintenance Management Module. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-22978 | 1 Eladmin | 1 Eladmin | 2025-05-13 | 9.8 Critical | 
| eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module. | ||||
| CVE-2024-51243 | 1 Eladmin | 1 Eladmin | 2025-05-06 | 7.2 High | 
| The eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control all application deployment servers of this management system via DeployController.java. | ||||
| CVE-2025-2855 | 1 Eladmin | 1 Eladmin | 2025-05-06 | 4.7 Medium | 
| A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is the function checkFile of the file /api/deploy/upload. The manipulation of the argument servers leads to deserialization. The attack may be launched remotely. | ||||
| CVE-2024-44676 | 1 Eladmin | 1 Eladmin | 2025-04-14 | 6.1 Medium | 
| eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController. java. | ||||
| CVE-2024-44677 | 1 Eladmin | 1 Eladmin | 2025-04-08 | 9.8 Critical | 
| eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component. | ||||
| CVE-2024-7458 | 2 Eladmin, Elunez | 2 Eladmin, Eladmin | 2024-08-06 | 5.5 Medium | 
| A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. This issue affects some unknown processing of the file /api/deploy/upload /api/database/upload of the component Database Management/Deployment Management. The manipulation of the argument file leads to path traversal: 'dir/../../filename'. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273551. | ||||
                            
                                
                                
                                    Page 1 of 1.