CNNVD-202506-2899 Information

Jun 22, 2025 cve

CNNVD ID

CNNVD-202506-2899

CVE-2025-6453

CNNVD Published: 2025-06-22

Description (Chinese)

diyhi bbs（巡云轻论坛系统）是中国的一个开源项目，采用JAVA+MYSQL架构，自适应手机端和电脑端，界面简洁，性能高效。 diyhi bbs 6.8版本存在路径遍历漏洞，该漏洞源于组件API的文件/src/main/java/cms/web/action/template/ForumManageAction.java中参数dirName的错误操作导致路径遍历。

Description (English)

The diyhi bs (the cloud-light forum system) is an open-source project in China, using the JAVA+MYSQL structure to adapt to the end of a mobile phone and computer, with a simple and efficient interface. Diyhi bbs version 6.8 has a path-to-path loophole, which results from the error of the dirName parameter in component API file/src/main/java/cms/web/action/template/ForumManageaction.java.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

Live Support

Published

2025-06-22

Last Modified

2026-02-24

References

https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250618-01.md https://vuldb.com/?id.313560 https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250618-01.md#steps-to-reproduce https://vuldb.com/?ctiid.313560 https://vuldb.com/?submit.598862 https://access.redhat.com/security/cve/cve-2025-6453

Share on: