CNNVD-202509-1160 Information

CNNVD ID

CNNVD-202509-1160

Related CVE

CVE-2025-44593

• CNNVD Published: 2025-09-09

Description (Chinese)

Halo是Halo开源的一个强大易用的开源建站工具。 Halo 2.20.13之前版本存在安全漏洞，该漏洞源于绕过文件类型检测，可能导致上传恶意文件。

Description (English)

Halo is a powerful and easy-to-use open-source construction tool for Halo. Haro 2.20.13 has a security loophole in the previous version, which stems from the circumvention of document type tests, which may lead to the uploading of malicious documents.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Hamilton-medical

Published

2025-09-09

Last Modified

2026-02-24

References

https://meadow-horn-b94.notion.site/halo-File-Upload-Vulnerability-14c42bd5b11880d58e11cd976f8e9d4f https://access.redhat.com/security/cve/cve-2025-44593

Patch

https://docs.halo.run/