CNNVD-202512-2194 Information

CNNVD ID

CNNVD-202512-2194

Related CVE

CVE-2025-14521

• CNNVD Published: 2025-12-11

Description (Chinese)

hfly是baowzh个人开发者的一个旅游网站。 hfly存在路径遍历漏洞，该漏洞源于对文件/admin/index.php/datafile/download中参数filename的错误操作，可能导致路径遍历攻击。

Description (English)

hfly is a tourist site for the Baowzh personal developer. hfly has a loophole in the path, which results from an error in the file/admin/index.php/datafile/download parameter filename, which could lead to a path attack.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

个人开发者

Published

2025-12-11

Last Modified

2026-02-24

References

https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/PHP-based%20travel%20website-CMS/PHP-based%20travel%20website-CMS%20download%20filename%20Arbitrary%20file%20reading.md https://vuldb.com/?ctiid.335859 https://vuldb.com/?id.335859 https://vuldb.com/?submit.702949