CNNVD-202509-4419 Information
CNNVD ID
CNNVD-202509-4419
Related CVE
- CNNVD Published: 2025-09-29
Description (Chinese)
Bjskzy Zhiyou ERP是中国北京时空智友(Bjskzy)公司的一款企业资源计划软件。 Bjskzy Zhiyou ERP 11.0及之前版本存在路径遍历漏洞,该漏洞源于组件com.artery.form.services.FormStudioUpdater中函数uploadStudioFile对参数filepath的错误操作,可能导致路径遍历攻击。
Description (English)
Bjskzy Zhiyou ERP is an enterprise resource planning software for Bjskzy, China. Bjskzy Zhiyou ERP 11.0 and previous versions have path-to-path loopholes that stem from the error of the medium function of component co.artery.form.services.FormStudioUpdater inuploadStudioFile against parameter filipath, which may lead to a path-to-path attack.
Hazard Level
High
Vulnerability Type
路径遍历
Published
2025-09-29
Last Modified
2026-02-24
References
https://github.com/FightingLzn9/vul/blob/main/%E6%97%B6%E7%A9%BA%E6%99%BA%E5%8F%8Berp-2.md https://vuldb.com/?ctiid.326216 https://vuldb.com/?id.326216 https://vuldb.com/?submit.658077
Share on: