CVE-2025-65878

High CVSS: 7.5

The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint `/file/showImageByPath` does not sanitize user-controlled path parameters. An attacker could exploit directory traversal to read arbitrary files on the server's file system. This could lead to the leakage of sensitive system information.

Vendor

Yeqifu

Product

Warehouse Management System

CWE

CWE-22

Yayın Tarihi

2025-12-05 17:16:03

Güncelleme

2025-12-12 12:51:52

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-22 Warehouse Management System HIGH Yeqifu 2025

Referanslar

https://github.com/W000i/vuln/issues/2

Benzer Kayıtlar

Medium

CVE-2026-2852

A vulnerability was identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This issue affects th…

Medium

CVE-2026-2851

A vulnerability was determined in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability af…

Medium

CVE-2026-2850

A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function…

Medium

CVE-2026-2849

A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issu…

Medium

CVE-2026-2107

A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function…

Medium

CVE-2026-2106

A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The impacted element…