CNNVD-202509-3203 Information

CNNVD ID

CNNVD-202509-3203

Related CVE

CVE-2025-10766

• CNNVD Published: 2025-09-21

Description (Chinese)

ZKEACMS是ZKEASOFT开源的一个视觉设计、所见即所得的内容管理系统。 ZKEACMS 4.3及之前版本存在路径遍历漏洞，该漏洞源于对文件EventViewerController.cs中函数Download的参数ID的错误操作，可能导致路径遍历攻击。

Description (English)

ZKEACMS is a visual, visible and generated content management system for ZKEASOFT. There is a ZKEACMS 4.3 and previous versions of a path-wide loophole, which stems from an error in the id of the parameter of the Download function in the EventViewerController.cs, which may lead to a path-by-path attack.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

ZKEASOFT

Published

2025-09-21

Last Modified

2026-02-24

References

https://vuldb.com/?id.325121 https://vuldb.com/?ctiid.325121 https://vuldb.com/?submit.650445 https://github.com/August829/YU1/issues/1 https://access.redhat.com/security/cve/cve-2025-10766