CNNVD-202511-983 Information
CNNVD ID
CNNVD-202511-983
Related CVE
-
CNNVD Published
2025-11-10
Description
OpenClinica Community Edition is a clinical data management system from OpenClinica, a US company. OpenClinica Community Edition versions 3.12.2 and earlier and 3.13 and earlier contain a path traversal vulnerability. The vulnerability stems from improper handling of the xml_file parameter in the file /ImportCRFData?action=confirm, which may lead to a path traversal attack.
Hazard Level
High
Vulnerability Type
Path traversal
Affected Vendor
OpenClinica
Published
2025-11-10
Last Modified
2026-02-24
References
https://github.com/mikecole-mg/security_findings/blob/main/openclinica/openclinica-rce.md
https://github.com/mikecole-mg/security_findings/blob/main/openclinica/openclinica-rce.md#raw-requests-abridged
https://vuldb.com/?ctiid.331642
https://vuldb.com/?id.331642
https://vuldb.com/?submit.680873
https://access.redhat.com/security/cve/cve-2025-12922