CNNVD-202508-2938 Information

CNNVD ID

CNNVD-202508-2938

Related CVE

CVE-2025-9409

• CNNVD Published: 2025-08-25

Description (Chinese)

ruoyi-go是lostvip.com个人开发者的一个后台管理系统。 ruoyi-go 2.1及之前版本存在路径遍历漏洞，该漏洞源于文件modules/system/controller/CommonController.go中DownloadTmp/DownloadUpload函数对fileName参数处理不当，可能导致路径遍历。

Description (English)

Ruoyi-go is a back-office management system for individual developers in lostvip.com. The ruoyi-go 2.1 and previous versions have path-to-path loopholes, which stem from the fact that the DownloadTmp/DownloadUpload function in filemodules/system/controller/CommonController.go does not handle the fileName parameter properly, which may lead to a path-to-way.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

个人开发者

Published

2025-08-25

Last Modified

2026-02-24

References

https://vuldb.com/?submit.633663 https://vuldb.com/?submit.633661 https://vuldb.com/?id.321250 https://vuldb.com/?ctiid.321250 https://github.com/on-theway/cve/issues/2 https://github.com/on-theway/cve/issues/1 https://nvd.nist.gov/vuln/detail/CVE-2025-9409