CNNVD-202512-118 Information
CNNVD ID
CNNVD-202512-118
Related CVE
- CNNVD Published: 2025-12-01
Description (Chinese)
Mogu blog(蘑菇博客)是中国Streamlet个人开发者的一个基于微架构的前后端共享博客系统。 Mogu blog v2 5.2及之前版本存在路径遍历漏洞,该漏洞源于组件ZIP File Handler中文件/networkDisk/unzipFile函数FileOperation.unzip对参数fileUrl处理不当,可能导致路径遍历攻击。
Description (English)
Mogublog (Frooms Blog) is a micro-structure-based, back-to-back, blog-sharing system for Chinese Streamlet personal developers. Mogu blog v2 5.2 and previous versions have path-to-path loopholes that stem from the file/networkDisk/unzipfile function FileOperation.unzip mishandled against parameter fileUrl, which may lead to a routing attack.
Hazard Level
High
Vulnerability Type
路径遍历
Affected Vendor
个人开发者
Published
2025-12-01
Last Modified
2026-02-24
References
https://vuldb.com/?id.333825 https://github.com/Xzzz111/exps/blob/main/archives/mogu_blog_v2-zip_slip-1/report.md https://vuldb.com/?submit.692107 https://github.com/Xzzz111/exps/blob/main/archives/mogu_blog_v2-zip_slip-1/report.md#proof-of-concept https://vuldb.com/?ctiid.333825 https://access.redhat.com/security/cve/cve-2025-13816
Share on: