CNNVD-202511-086 Information

CNNVD ID

CNNVD-202511-086

Related CVE

CVE-2025-12626

• CNNVD Published: 2025-11-03

Description (Chinese)

Jeewx-Boot是JEECG官方开源开源的一个微信管家平台。 Jeewx-Boot存在安全漏洞，该漏洞源于对文件WxActGoldeneggsPrizesController.java中参数imgurl的错误操作，可能导致路径遍历攻击。

Description (English)

Jeewx-Boot is an open-source MS platform for the official JEECG. There is a security loophole in Jeewx-Boot, which is the result of an error in the parameters mgurl in WxActGoldenegsPrizesController.java, which could lead to a routing attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

国炬

Published

2025-11-03

Last Modified

2026-02-24

References

https://github.com/jeecgboot/jeewx-boot/issues/17 https://github.com/jeecgboot/jeewx-boot/issues/47 https://vuldb.com/?ctiid.330916 https://vuldb.com/?id.330916 https://vuldb.com/?submit.678926