📦 Youkefu

This vulnerability in Youkefu up to version 4.2.0 allows remote attackers to execute arbitrary code through insecure deserialization in the TemplateController.java file. Attackers can exploit this by ...

This critical vulnerability in Youkefu allows remote attackers to upload arbitrary files without restrictions via the MediaController.java Upload function. Attackers can potentially upload malicious f...

This XXE vulnerability in YoukeFu allows attackers to read arbitrary files from the server by exploiting XML parsing in the call center router component. It affects YoukeFu versions up to 4.2.0 and ca...

This critical vulnerability in Youkefu 4.2.0 allows remote attackers to perform server-side request forgery (SSRF) attacks by manipulating the 'url' parameter in the /res/url endpoint. Attackers can e...