📦 Eladmin

by Eladmin

⚠️ Known Vulnerabilities

CVE-2024-44677

CRITICAL CVSS 9.8 Sep 10, 2024

CVE-2024-44677 is a critical Server-Side Request Forgery (SSRF) vulnerability in eladmin v2.7 and earlier that allows authenticated attackers to make arbitrary HTTP requests from the vulnerable server...

CVE-2025-70997

MEDIUM CVSS 6.5 Feb 4, 2026

This vulnerability in eladmin v2.7 and earlier allows attackers to reset any user's password regardless of their permission level. Attackers can gain unauthorized access to user accounts, potentially ...

CVE-2025-10084

MEDIUM CVSS 4.3 Sep 8, 2025

This vulnerability allows unauthorized access to error log details in elunez eladmin systems. Attackers can remotely exploit improper authorization in the SysLogController component to view sensitive ...

CVE-2025-9240

MEDIUM CVSS 4.3 Aug 20, 2025

CVE-2025-9240 is an information disclosure vulnerability in elunez eladmin up to version 2.7. The flaw in the /auth/info endpoint allows remote attackers to access sensitive information without authen...

CVE-2025-8530

MEDIUM CVSS 5.3 Aug 4, 2025

This vulnerability in elunez eladmin allows attackers to use default credentials for the Druid database monitoring interface when the login-username/login-password parameters are manipulated. Systems running ...

CVE-2025-2855

MEDIUM CVSS 4.7 Mar 27, 2025

A deserialization vulnerability in elunez eladmin's file upload function allows remote attackers to manipulate server arguments. This affects eladmin versions up to 2.7, potentially enabling arbitrary...

CVE-2024-44676

MEDIUM CVSS 4.8 Sep 10, 2024

eladmin v2.7 and earlier versions contain a Cross-Site Scripting (XSS) vulnerability in LocalStoreController.java that allows attackers to inject malicious scripts. This affects users of eladmin web a...