CNNVD-202510-748 Information
CNNVD ID
CNNVD-202510-748
Related CVE
- CNNVD Published: 2025-10-05
Description (Chinese)
Frappe Learning Management System是Frappe开源的一个易于使用的开源学习管理系统。 Frappe Learning Management System 2.35.0版本存在安全漏洞,该漏洞源于Assignment Picture Handler组件中文件/files/的直接请求,可能导致远程攻击。
Description (English)
Frappe Learning Management System is an easy-to-use open-source learning management system for Frappe open sources. There is a security loophole in version 2.35.0 of Frappe Learning Management System, which originates from the direct request for documents/files/in the Assignment Picture Handler component and may lead to a long-range attack.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
Frappe
Published
2025-10-05
Last Modified
2026-02-24
References
https://gist.github.com/0xHamy/beb840a754f50a7ee6500600147a6ac1 https://gist.github.com/0xHamy/beb840a754f50a7ee6500600147a6ac1#steps-to-reproduce https://vuldb.com/?ctiid.327014 https://vuldb.com/?id.327014 https://vuldb.com/?submit.659694
Patch
https://github.com/frappe/lms/releases
Share on: