CNNVD-202511-1943 Information
Nov 17, 2025
cve
CNNVD ID
CNNVD-202511-1943
Related CVE
- CNNVD Published: 2025-11-17
Description (Chinese)
Chunghwa Telecom TenderDocTransfer是中国中华电信(Chunghwa Telecom)公司的一款应用程序。 Chunghwa Telecom TenderDocTransfer存在跨站请求伪造漏洞,该漏洞源于API缺少CSRF保护和存在绝对路径遍历,可能导致任意文件复制粘贴攻击。
Description (English)
Chunghwa Telecom TenderDocTransfer is an application of Chunghwa Telecom, China. Chunghwa Telecom TenderDocTransfer has a false gap in cross-site requests, which stems from the API ’ s lack of CSRF protection and the existence of absolute paths, which could lead to any type of document copying attack.
Hazard Level
Medium
Vulnerability Type
跨站请求伪造
Affected Vendor
中华电信
Published
2025-11-17
Last Modified
2026-02-24
References
https://www.twcert.org.tw/en/cp-139-10511-10f3a-2.html https://www.twcert.org.tw/tw/cp-132-10510-3719c-1.html
Patch
https://www.cht.com.tw/en/home/cht
Share on: