CRITICAL🇵🇱 Wersja polska

CVE-2024-44677

CVSS 9.8v3.1pub. 2024-09-10upd. 2025-03-31

eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Eladmin

    APP
    Eladmin
    ≤ 2.7
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCESSRF
CWE
References

Related vulnerabilities

CVE-2025-22978CRITICAL9.8PL ✓ten sam produkt

CSV Injection w module pobierania logów wyjątków — Eladmin

CVE-2024-51243HIGH7.2ten sam produkt

The eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control all applicat...

CVE-2025-70997MEDIUM6.5ten sam produkt

A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary use...

CVE-2025-9239MEDIUM6.3ten sam produkt

A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function Enc...

CVE-2025-8530MEDIUM5.5ten sam produkt

A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by ...