CNNVD-202511-1947 Information

CNNVD ID

CNNVD-202511-1947

Related CVE

CVE-2025-13262

• CNNVD Published: 2025-11-17

Description (Chinese)

lsFusion是lsfusion开源的一个基于声明性开源语言的信息系统开发平台。 lsFusion 6.1及之前版本存在路径遍历漏洞，该漏洞源于对文件platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java中参数sid的错误操作，可能导致路径遍历。

Description (English)

IsFusion is a platform for information system development based on the declared open-source language. IsFusion 6.1 and previous versions have path-to-path loopholes, which stem from the error of sid on the parameters in fileplatform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequesthandler.java, which could lead to a path-to-path pass.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

lsfusion

Published

2025-11-17

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.332597 https://github.com/lsfusion/platform/issues/1544 https://vuldb.com/?submit.689414 https://github.com/lsfusion/platform/issues/1544#issue-3589610731 https://vuldb.com/?id.332597 https://access.redhat.com/security/cve/cve-2025-13262