CNNVD-202512-4810 Information

CNNVD ID

CNNVD-202512-4810

Related CVE

CVE-2025-57403

• CNNVD Published: 2025-12-26

Description (Chinese)

Cola Dnslog是AbelChe个人开发者的一个无回显漏洞探测辅助平台。 Cola Dnslog v1.3.2版本存在安全漏洞，该漏洞源于处理TXT记录DNS查询时直接拼接请求URL和基本路径，可能导致目录遍历或绝对路径注入，进而泄露敏感信息。

Description (English)

Cola Dnslog is an unrecovered gap detection support platform for AbelChe’s personal developers. There is a security loophole in version Cola Dnslog v1.3.2, which stems from the direct fusion of requests for URLs and basic paths when processing TXT records DNS queries, which may result in a directory being injected through a history or absolute path, thus leaking sensitive information.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-12-26

Last Modified

2026-02-24

References

https://gist.github.com/Captaince/99b728c792c72b2666c2400625702df0 https://github.com/AbelChe/cola_dnslog/issues/29 https://access.redhat.com/security/cve/cve-2025-57403