CNNVD-202510-3578 Information

CNNVD ID

CNNVD-202510-3578

Related CVE

CVE-2025-12268

• CNNVD Published: 2025-10-27

Description (Chinese)

LearnHouse是LearnHouse开源的一个在线学习管理系统。 LearnHouse存在安全漏洞，该漏洞源于文件/api/v1/courses/中组件Course Thumbnail Handler对参数thumbnail的限制不足，可能导致任意文件上传。

Description (English)

Learn House is an online learning management system that is an open source for Learn House. There is a security loophole in Learn House, which stems from inadequate restrictions on the thumbnail parameter in the file/api/v1/courts/middle component Course Thumbnail Handler, which may lead to any upload of the document.

Hazard Level

High

Vulnerability Type

其他

Published

2025-10-27

Last Modified

2026-02-24

References

https://gist.github.com/KhanMarshaI/ef07d20eb1cbe30c71722fbded7cc056 https://vuldb.com/?ctiid.329940 https://vuldb.com/?id.329940 https://vuldb.com/?submit.674145