CNNVD-202507-626 Information
CNNVD ID
CNNVD-202507-626
Related CVE
- CNNVD Published: 2025-07-07
Description (Chinese)
Digital-Infrastructure是有生软件(Risesoft)开源的一款管理支撑平台。 Digital-Infrastructure 9.6.7及之前版本存在路径遍历漏洞,该漏洞源于文件Y9FileController.java中参数fullPath处理不当,可能导致路径遍历。
Description (English)
Digital-Infrastructure is a management support platform for the open source of raw software (Risesoft). Digital-Infrastructure 9.6.7 and previous versions have path-to-path loopholes, which stem from the mishandling of the parameter FullPath in document Y9FileController.java, which may lead to routing.
Hazard Level
High
Vulnerability Type
路径遍历
Affected Vendor
RISS SRL
Published
2025-07-07
Last Modified
2026-02-24
References
https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250621-01.md https://vuldb.com/?submit.601825 https://vuldb.com/?id.315019 https://vuldb.com/?ctiid.315019 https://access.redhat.com/security/cve/cve-2025-7108
Patch
https://github.com/risesoft-y9/Digital-Infrastructure/releases
Share on: