CNNVD-202510-3606 Information

CNNVD ID

CNNVD-202510-3606

Related CVE

CVE-2025-12250

• CNNVD Published: 2025-10-27

Description (Chinese)

OpenWGA是OpenWGA开源的一个内容管理系统和Web应用程序开发平台。 OpenWGA 7.11.12 Build 737版本存在路径遍历漏洞，该漏洞源于对文件WGA.File中TMLScript API组件的错误操作，可能导致路径遍历攻击。

Description (English)

OpenWGA is an open-source content management system for OpenWGA and a Web application development platform. OpenWGA 7.11.1.12 Version 737 has a path-to-path loophole, which stems from an error in the operation of the TMLcript API component in the document WGA.File, which could lead to a path-to-path attack.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

OpenWGA

Published

2025-10-27

Last Modified

2026-02-24

References

https://github.com/mikecole-mg/security_findings/blob/main/openwga/openwga-rce.md https://vuldb.com/?ctiid.329921 https://vuldb.com/?id.329921 https://vuldb.com/?submit.673917