CNNVD-202512-3798 Information

CNNVD ID

CNNVD-202512-3798

Related CVE

CVE-2025-14965

• CNNVD Published: 2025-12-19

Description (Chinese)

yougou-mall-admin是1541492390c个人开发者的一个商品管理平台项目。 yougou-mall-admin存在路径遍历漏洞，该漏洞源于文件src/main/java/per/ccm/ygmall/extra/controller/ResourceController.java中Upload函数通过恶意操作，攻击者可以实现路径遍历。

Description (English)

Yougou-mall-admin is a commodity management platform project for individual developers of 154149290c. Yougou-mall-admin has a loophole in the path, which stems from the Uplad function in document src/main/java/per/ccm/ygmall/extra/controller/ResourceController.java, which by malicious operation the assailant can achieve the path.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

个人开发者

Published

2025-12-19

Last Modified

2026-02-24

References

https://vuldb.com/?submit.721081 https://github.com/zyhzheng500-maker/cve/blob/main/yougou-mall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md https://vuldb.com/?ctiid.337600 https://github.com/zyhzheng500-maker/cve/blob/main/yougou-mall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4.md https://vuldb.com/?submit.717732 https://vuldb.com/?id.337600 https://access.redhat.com/security/cve/cve-2025-14965