CNNVD-202512-4994 Information
Dec 29, 2025
cve
CNNVD ID
CNNVD-202512-4994
Related CVE
- CNNVD Published: 2025-12-29
Description (Chinese)
WELLTEND BPMFlowWebkit是中国台湾鸿名(WELLTEND)公司的一款业务流程管理系统。 WELLTEND BPMFlowWebkit存在安全漏洞,该漏洞源于存在任意文件读取漏洞,可能导致未经验证的远程攻击者利用绝对路径遍历下载任意系统文件。
Description (English)
WellTend BPMFlowWebkit is a business process management system of WellTend Corporation. There is a security loophole in WellTend BPMFlowWebkit, which stems from the existence of any file reading loophole that could lead unverified remote assailants to use absolute paths to download any system file.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
鸿名
Published
2025-12-29
Last Modified
2026-02-24
References
https://www.twcert.org.tw/en/cp-139-10605-426b6-2.html https://www.twcert.org.tw/tw/cp-132-10604-c65aa-1.html
Patch
https://www.welltend.com.tw/system.php
Share on: