Skip to main content

Alldata

7 CVEs product

Monthly

CVE-2024-29434 HIGH This Week

An issue in the system image upload interface of Alldata v0.4.6 allows attackers to execute a directory traversal when uploading a file. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Alldata
NVD GitHub
CVSS 3.1
8.3
EPSS
0.7%
CVE-2024-29432 CRITICAL Act Now

Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Alldata
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-27605 HIGH This Week

Alldata V0.4.6 is vulnerable to Insecure Permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Alldata
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-27604 CRITICAL Act Now

Alldata V0.4.6 is vulnerable to Command execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Alldata
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-27602 CRITICAL Act Now

Alldata V0.4.6 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Alldata
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-29435 MEDIUM This Month

An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter. Rated medium severity (CVSS 4.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Alldata
NVD GitHub
CVSS 3.1
4.1
EPSS
0.3%
CVE-2024-29433 CRITICAL Act Now

A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to execute arbitrary commands via supplying crafted data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Alldata
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
EPSS 1% CVSS 8.3
HIGH This Week

An issue in the system image upload interface of Alldata v0.4.6 allows attackers to execute a directory traversal when uploading a file. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Alldata
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Alldata
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Alldata V0.4.6 is vulnerable to Insecure Permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Alldata
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Alldata V0.4.6 is vulnerable to Command execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Alldata
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

Alldata V0.4.6 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Alldata
NVD GitHub
EPSS 0% CVSS 4.1
MEDIUM This Month

An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter. Rated medium severity (CVSS 4.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Alldata
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to execute arbitrary commands via supplying crafted data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Alldata
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy