Filtered by vendor Wddgroup Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-28699 1 Wddgroup 1 Fantasy 2024-11-21 8.8 High
Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disrupt service.
CVE-2023-28698 1 Wddgroup 1 Fantsy 2024-11-21 9.8 Critical
Wade Graphic Design FANTSY has a vulnerability of insufficient authorization check. An unauthenticated remote user can exploit this vulnerability by modifying URL parameters to gain administrator privileges to perform arbitrary system operation or disrupt service.