CNNVD-202511-1948 Information
Nov 17, 2025
cve
CNNVD ID
CNNVD-202511-1948
Related CVE
- CNNVD Published: 2025-11-17
Description (Chinese)
Chunghwa Telecom TenderDocTransfer是中国中华电信(Chunghwa Telecom)公司的一款应用程序。 Chunghwa Telecom TenderDocTransfer存在跨站请求伪造漏洞,该漏洞源于API缺少CSRF保护和存在绝对路径遍历,可能导致任意文件删除攻击。
Description (English)
Chunghwa Telecom TenderDocTransfer is an application of Chunghwa Telecom, China. Chunghwa Telecom TenderDocTransfer has a false gap in cross-site requests, which stems from the API ’ s lack of CSRF protection and the existence of absolute pathways, which may lead to arbitrary document deletion of the attack.
Hazard Level
Medium
Vulnerability Type
跨站请求伪造
Affected Vendor
中华电信
Published
2025-11-17
Last Modified
2026-02-24
References
https://www.twcert.org.tw/en/cp-139-10511-10f3a-2.html https://www.twcert.org.tw/tw/cp-132-10510-3719c-1.html
Patch
https://www.cht.com.tw/en/home/cht
Share on: