CNNVD-202511-1940 Information

CNNVD ID

CNNVD-202511-1940

Related CVE

CVE-2025-13266

• CNNVD Published: 2025-11-17

Description (Chinese)

vlife是程序员超哥（wwwlike）个人开发者的一个准零代码平台。 vlife 2.0.1及之前版本存在路径遍历漏洞，该漏洞源于对文件vlife-base/src/main/java/cn/wwwlike/sys/api/SysFileApi.java中参数fileName的错误操作，可能导致路径遍历。

Description (English)

Vlife is a quasi-zero-code platform for programmers (wwwlike) personal developers. Vlife 2.0.1 and previous versions have path-to-path loopholes, which result from the error of the parameter file vlife-base/src/main/java/cn/wwwlike/sys/api/SysFileApi.java, which may lead to a path-by-path error.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

个人开发者

Published

2025-11-17

Last Modified

2026-02-24

References

https://vuldb.com/?id.332601 https://vuldb.com/?submit.689436 https://github.com/wwwlike/vlife/issues/3 https://vuldb.com/?ctiid.332601 https://access.redhat.com/security/cve/cve-2025-13266