CNNVD-202506-3600 Information
CNNVD ID
CNNVD-202506-3600
Related CVE
- CNNVD Published: 2025-06-27
Description (Chinese)
openvpn-cms-flask是中国xiaoyunjie个人开发者的一个基于openvpn的web管理系统。 openvpn-cms-flask 1.2.7及之前版本存在路径遍历漏洞,该漏洞源于文件app/plugins/oss/app/controller.py中参数image的错误操作导致路径遍历。
Description (English)
Openvpn-cms-flask is a web-based management system based on openvpn of the Chinese personal developer xiaoyunjie. Openvpn-cms-flask 1.2.7 and previous versions have path-to-path loopholes, which result from the error of the parameter image in fileapp/plugins/oss/app/controller.py.
Hazard Level
Medium
Vulnerability Type
路径遍历
Affected Vendor
Live Support
Published
2025-06-27
Last Modified
2026-02-24
References
https://github.com/xiaoyunjie/openvpn-cms-flask/commit/e23559b98c8ea2957f09978c29f4e512ba789eb6 https://github.com/xiaoyunjie/openvpn-cms-flask/issues/23 https://github.com/xiaoyunjie/openvpn-cms-flask/releases/tag/v1.2.8 https://vuldb.com/?ctiid.314092 https://vuldb.com/?id.314092 https://vuldb.com/?submit.602374
Patch
https://github.com/xiaoyunjie/openvpn-cms-flask/releases
Share on: