CNNVD-202508-3011 Information

CNNVD ID

CNNVD-202508-3011

CVE-2025-9406

  • CNNVD Published: 2025-08-25

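Description (translated from Chinese)

lemon is an open-source OA by individual developer Xu Huisheng. lemon 1.13.0 and earlier versions contain a security vulnerability caused by improper handling of the Upload parameter in the uploadImage function in the file CmsArticleController.java, which may lead to unrestricted upload.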

Description (English)

Lemon is an open-source OA by individual developer Xu Huisheng. Lemon 1.13.0 and earlier versions contain a security vulnerability: the uploadImage function in the file CmsArticleController.java handles the Upload parameter improperly, which may lead to unrestricted upload.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2025-08-25

Last Modified

2026-02-24

References

  • https://vuldb.com/?submit.633593
  • https://github.com/xuhuisheng/lemon/issues/212#issue-3317490086
  • https://vuldb.com/?id.321242
  • https://vuldb.com/?ctiid.321242
  • https://nvd.nist.gov/vuln/detail/CVE-2025-9406

Patch

https://github.com/xuhuisheng/lemon/tags
