cbcvebase.

Ragic Enterprise Cloud Database vulnerabilities

6 known vulnerabilities affecting ragic/enterprise_cloud_database.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH3

Vulnerabilities

Page 1 of 1
CVE-2024-9984P2CRITICALCVSS 9.8fixed in 2024-08-08fixed in 2024/08/08 09:45:252024-10-15
CVE-2024-9984 [CRITICAL] CWE-306 CVE-2024-9984: Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowin Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie.
nvd
CVE-2025-15016P2CRITICALCVSS 9.8v02025-12-22
CVE-2025-15016 [CRITICAL] CWE-321 CVE-2025-15016: Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allow Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information and log into the system as any user.
nvd
CVE-2024-9985P3CRITICALCVSS 9.8fixed in 2024-08-08fixed in 2024/08/08 09:45:252024-10-15
CVE-2024-9985 [CRITICAL] CWE-434 CVE-2024-9985: Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server.
nvd
CVE-2025-15015P3HIGHCVSS 7.5v02025-12-22
CVE-2025-15015 [HIGH] CWE-23 CVE-2025-15015: Enterprise Cloud Database developed by Ragic has a Arbitrary File Read vulnerability, allowing unaut Enterprise Cloud Database developed by Ragic has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
nvd
CVE-2025-11675P3HIGHCVSS 7.2v02025-10-13
CVE-2025-11675 [HIGH] CWE-434 CVE-2025-11675: Enterprise Cloud Database developed by Ragic has an Arbitrary File Upload vulnerability, allowing pr Enterprise Cloud Database developed by Ragic has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
nvd
CVE-2024-9983P3HIGHCVSS 7.5fixed in 2024-08-08fixed in 2024/08/08 09:45:252024-10-15
CVE-2024-9983 [HIGH] CWE-23 CVE-2024-9983: Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
nvd
Ragic Enterprise Cloud Database vulnerabilities | cvebase