CNNVD-202508-842 Information

CNNVD ID

CNNVD-202508-842

Related CVE

CVE-2025-8775

• CNNVD Published: 2025-08-09

Description (Chinese)

Qiyuesuo Eelectronic Signature Platform是中国契约锁（Qiyuesuo）公司的一款电子签名与电子合同管理平台。 Qiyuesuo Eelectronic Signature Platform 4.34及之前版本存在代码问题漏洞，该漏洞源于文件/api/code/upload中参数File处理不当，可能导致无限制上传。

Description (English)

Qiyusuo Electronic Signature Platform is an electronic signature and electronic contract management platform for Qiyusuo Corporation. Qiyusuo Electronic Signature Platform 4.34 and previous versions had a code gap, which stemmed from the inappropriate handling of File, the parameter in document/api/code/upload, which could lead to unrestricted uploading.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

契约锁

Published

2025-08-09

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.319298 https://vuldb.com/?submit.625551 https://vuldb.com/?id.319298 https://vuldb.com/?submit.625553 https://github.com/nn0nkey/nn0nkey/blob/main/QYS/QYS_task.md https://access.redhat.com/security/cve/cve-2025-8775