CNNVD-202506-3597 Information
CNNVD ID
CNNVD-202506-3597
Related CVE
- CNNVD Published: 2025-06-27
Description (Chinese)
sublinkX是Chen Hui个人开发者的一个开源节点订阅转换生成管理系统。 sublinkX 1.8及之前版本存在路径遍历漏洞,该漏洞源于文件api/template.go中参数filename的错误操作导致路径遍历。
Description (English)
SublinkX is an open-source subscription-generation management system for Chen Hui personal developers. SublinkX 1.8 and previous versions have path-to-path loopholes, which result from the error of file api/template.go ’ s parameter file file file file file file file file file namename.
Hazard Level
High
Vulnerability Type
路径遍历
Affected Vendor
Live Support
Published
2025-06-27
Last Modified
2026-02-24
References
https://github.com/gooaclok819/sublinkX/commit/778d26aef723daa58df98c8060c43f5bf5d1b10b https://github.com/gooaclok819/sublinkX/issues/68#issuecomment-2957290524 https://github.com/gooaclok819/sublinkX/issues/69 https://github.com/gooaclok819/sublinkX/releases/tag/1.9 https://vuldb.com/?ctiid.314090 https://vuldb.com/?id.314090 https://vuldb.com/?submit.602369 https://access.redhat.com/security/cve/cve-2025-6774
Patch
https://github.com/gooaclok819/sublinkX/releases
Share on: