balloonwj/flamingo

balloonwj/flamingo

Releases0

Stars3.95K

flamingo 一款高性能轻量级开源即时通讯软件

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-35242 ↗	Dec 26, 2020Saturday, 26 December 2020, 20:15	9.8 CRITICAL	7.5 HIGH
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory.
CVE-2020-35243 ↗	Dec 26, 2020Saturday, 26 December 2020, 20:15	9.8 CRITICAL	7.5 HIGH
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb.
CVE-2020-35244 ↗	Dec 26, 2020Saturday, 26 December 2020, 20:15	9.8 CRITICAL	7.5 HIGH
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup.
CVE-2020-35245 ↗	Dec 26, 2020Saturday, 26 December 2020, 20:15	9.8 CRITICAL	7.5 HIGH
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser.
CVE-2020-35284 ↗	Dec 26, 2020Saturday, 26 December 2020, 06:15	7.5 HIGH	5 MEDIUM
Flamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product's source code is available.