CNNVD-202508-3570 Information

CNNVD ID

CNNVD-202508-3570

Related CVE

CVE-2025-9650

• CNNVD Published: 2025-08-29

Description (Chinese)

carRental是carRental公司的一个租车软件。 carRental存在路径遍历漏洞，该漏洞源于文件src/main/java/com/yeqifu/sys/utils/AppFileUtils.java中函数removeFileByPath对参数carimg的错误操作导致路径遍历。

Description (English)

CarRental is a car rental software for CarRental. CarRental has a loophole in its path, which stems from the error of the central function of src/main/java/com/yeqifu/sys/utils/AppFileUtils.java, which caused the path to go through the parameter carimg.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

carRental

Published

2025-08-29

Last Modified

2026-02-24

References

https://vuldb.com/?submit.636624 https://vuldb.com/?id.321858 https://vuldb.com/?ctiid.321858 https://github.com/JetpropelledSnake/CVE-File/blob/main/Unrestricted%20deletion%20of%20any%20file.md https://nvd.nist.gov/vuln/detail/CVE-2025-9650 https://access.redhat.com/security/cve/cve-2025-9650