Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

alldata

Source -

ADPNVD

CNA CVEs -

0

ADP CVEs -

4

CISA CVEs -

0

NVD CVEs -

7
Related CVEsRelated VendorsRelated AssignersReports
7Vulnerabilities found
CVE-2024-29432
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.43%
||
7 Day CHG+0.04%
Published-02 Apr, 2024 | 00:00
Updated-30 Apr, 2025 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas.

Action-Not Available
Vendor-alldatan/aalldata
Product-alldatan/aalldata
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-27604
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 47.76%
||
7 Day CHG+0.07%
Published-02 Apr, 2024 | 00:00
Updated-27 Mar, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Alldata V0.4.6 is vulnerable to Command execution vulnerability. System commands can be deserialized.

Action-Not Available
Vendor-alldatan/a
Product-alldatan/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-27605
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.55%
||
7 Day CHG+0.04%
Published-02 Apr, 2024 | 00:00
Updated-28 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Alldata V0.4.6 is vulnerable to Insecure Permissions. Using users (test) can query information about the users in the system.

Action-Not Available
Vendor-alldatan/a
Product-alldatan/a
CWE ID-CWE-284
Improper Access Control
CVE-2024-27602
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.19% / 41.21%
||
7 Day CHG+0.05%
Published-02 Apr, 2024 | 00:00
Updated-30 Apr, 2025 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of many modules interface documents have been leaked.For example, the /api/system/v2/api-docs module.

Action-Not Available
Vendor-alldatan/aalldata
Product-alldatan/aalldata
CWE ID-CWE-284
Improper Access Control
CVE-2024-29434
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.3||HIGH
EPSS-0.67% / 70.40%
||
7 Day CHG+0.18%
Published-02 Apr, 2024 | 00:00
Updated-30 Apr, 2025 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the system image upload interface of Alldata v0.4.6 allows attackers to execute a directory traversal when uploading a file.

Action-Not Available
Vendor-alldatan/a
Product-alldatan/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-29435
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.14% / 33.95%
||
7 Day CHG+0.04%
Published-01 Apr, 2024 | 00:00
Updated-07 May, 2025 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter.

Action-Not Available
Vendor-alldatan/aalldata
Product-alldatan/aalldata
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-29433
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 32.55%
||
7 Day CHG+0.03%
Published-01 Apr, 2024 | 00:00
Updated-07 May, 2025 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to execute arbitrary commands via supplying crafted data.

Action-Not Available
Vendor-alldatan/aalldata
Product-alldatan/aalldata
CWE ID-CWE-502
Deserialization of Untrusted Data