CNNVD-202510-1612 Information

CNNVD ID

CNNVD-202510-1612

Related CVE

CVE-2025-11631

• CNNVD Published: 2025-10-12

Description (Chinese)

MxsDoc是Rainy开源的一个基于 Web 的文件管理系统。 MxsDoc 2.02.36及之前版本存在路径遍历漏洞，该漏洞源于对文件/Doc/deleteDoc.do中参数path的错误操作，可能导致路径遍历攻击。

Description (English)

MxsDoc is a web-based document management system from Rainy Open Source. MxDoc 2.02.36 and previous versions have path-to-path loopholes, which stem from the wrong operation of the parameter path in file/Doc/deleteDoc.do, which could lead to a path-to-path attack.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

Rainy

Published

2025-10-12

Last Modified

2026-02-24

References

https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4.md https://vuldb.com/?ctiid.328043 https://vuldb.com/?id.328043 https://vuldb.com/?submit.664848

Patch

https://github.com/RainyGao-GitHub/DocSys/releases