CVE-2025-65879

High CVSS: 8.1

Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concatenated with the server's UPLOAD_PATH and passed to File.delete() without validation. A remote authenticated attacker can delete arbitrary files on the server by supplying directory traversal payloads.

Vendor

Yeqifu

Product

Warehouse Management System

CWE

CWE-22

Yayın Tarihi

2025-12-05 17:16:04

Güncelleme

2025-12-12 12:51:37

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-22 Warehouse Management System HIGH Yeqifu 2025

Referanslar

https://github.com/W000i/vuln/issues/3

Benzer Kayıtlar

Medium

CVE-2026-2852

A vulnerability was identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This issue affects th…

Medium

CVE-2026-2851

A vulnerability was determined in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability af…

Medium

CVE-2026-2850

A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function…

Medium

CVE-2026-2849

A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issu…

Medium

CVE-2026-2107

A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function…

Medium

CVE-2026-2106

A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The impacted element…