Filtered by vendor Yeqifu
Total: 2 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-65878 | 1 Yeqifu | 1 Warehouse Management System | 2025-12-12 | N/A | 7.5 HIGH |
| The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint `/file/showImageByPath` does not sanitize user-controlled path parameters. An attacker could exploit directory traversal to read arbitrary files on the server's file system. This could lead to the leakage of sensitive system information. | | | | | |
| CVE-2025-65879 | 1 Yeqifu | 1 Warehouse Management System | 2025-12-12 | N/A | 8.1 HIGH |
| Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability. The `/goods/deleteGoods` endpoint accepts a user-controlled `goodsimg` parameter, which is directly concatenated with the server's `UPLOAD_PATH` and passed to `File.delete()` without validation. A remote authenticated attacker can delete arbitrary files on the server by supplying directory traversal payloads. | | | | | |
