CNNVD-202509-3051 Information

CNNVD ID

CNNVD-202509-3051

Related CVE

CVE-2025-56869

• CNNVD Published: 2025-09-19

Description (Chinese)

Sync in是Sync-in开源的一个服务器同步平台。 Sync in 1.1.1及之前版本存在安全漏洞，该漏洞源于FilesManager.saveMultipart和FilesManager.compress函数存在目录遍历问题，可能导致经过身份验证的攻击者获取系统读写权限。

Description (English)

Synic in is a server synchronous platform from Synch-in open source. Sync in 1.1.1 and previous versions had a security loophole, which stemmed from the directory problems of the FilesManager.saveMultipart and FilesManager.compress functions, which could lead to a system-reading and writing permission for an identified assailant.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Synway

Published

2025-09-19

Last Modified

2026-02-24

References

https://github.com/Sync-in/server https://github.com/Sync-in/server/releases/tag/v1.2.0 https://sync-in.com/ https://access.redhat.com/security/cve/cve-2025-56869

Patch

https://github.com/Sync-in/server/releases