Pandax vulnerabilities
4 known vulnerabilities affecting pandax/pandax.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH1
Vulnerabilities
Page 1 of 1
CVE-2024-2563P2CRITICALCVSS 9.8≤ 2024-03-102024-03-17
CVE-2024-2563 [CRITICAL] CWE-24 CVE-2024-2563: A vulnerability has been found in PandaXGO PandaX up to 20240310 and classified as critical. This vu
A vulnerability has been found in PandaXGO PandaX up to 20240310 and classified as critical. This vulnerability affects the function DeleteImage of the file /apps/system/router/upload.go. The manipulation of the argument fileName with the input ../../../../../../../../../tmp/1.txt leads to path traversal: '../filedir'. The attack can be initiated rem
nvd
CVE-2024-2565P3CRITICALCVSS 9.8≤ 2024-03-102024-03-17
CVE-2024-2565 [CRITICAL] CWE-434 CVE-2024-2565: A vulnerability was found in PandaXGO PandaX up to 20240310. It has been classified as critical. Aff
A vulnerability was found in PandaXGO PandaX up to 20240310. It has been classified as critical. Affected is an unknown function of the file /apps/system/router/upload.go of the component File Extension Handler. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disc
nvd
CVE-2024-2562P3CRITICALCVSS 9.8≤ 2024-03-102024-03-17
CVE-2024-2562 [CRITICAL] CWE-89 CVE-2024-2562: A vulnerability, which was classified as critical, was found in PandaXGO PandaX up to 20240310. This
A vulnerability, which was classified as critical, was found in PandaXGO PandaX up to 20240310. This affects the function InsertRole of the file /apps/system/services/role_menu.go. The manipulation of the argument roleKey leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be us
nvd
CVE-2024-2564P3HIGHCVSS 7.3≤ 2024-03-102024-03-17
CVE-2024-2564 [HIGH] CWE-24 CVE-2024-2564: A vulnerability was found in PandaXGO PandaX up to 20240310 and classified as critical. This issue a
A vulnerability was found in PandaXGO PandaX up to 20240310 and classified as critical. This issue affects the function ExportUser of the file /apps/system/api/user.go. The manipulation of the argument filename leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The as
nvd