CNNVD-202506-3366 Information

CNNVD ID

CNNVD-202506-3366

Related CVE

CVE-2025-6731

• CNNVD Published: 2025-06-26

Description (Chinese)

X-SpringBoot是czx个人开发者的一个轻量级的Java快速开发平台。 X-SpringBoot 5.0及之前版本存在路径遍历漏洞，该漏洞源于对文件/sys/oss/upload/apk中参数File的错误操作,导致路径遍历攻击。

Description (English)

X-SpringBoot is a lightweight Java fast-development platform for czx personal developers. X-SpringBoot 5.0 and previous versions have path-to-path loopholes, which stem from the wrong operation of File, the parameter in file/sys/oss/upload/apk, leading to path-to-path attacks.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

Live Support

Published

2025-06-26

Last Modified

2026-02-24

References

https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250616-03.md https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250616-03.md#steps-to-reproduce https://vuldb.com/?ctiid.314006 https://vuldb.com/?id.314006 https://vuldb.com/?submit.597524