CNNVD-202601-072 Information

CNNVD ID

CNNVD-202601-072

Related CVE

CVE-2026-0571

• CNNVD Published: 2026-01-02

Description (Chinese)

warehouse是yeqifu个人开发者的一个基于spring boot的中小型仓库物流管理系统。 warehouse存在路径遍历漏洞，该漏洞源于对文件warehousesrcmainjavacomyeqifusyscommonAppFileUtils.java中参数path的错误操作，可能导致路径遍历攻击。

Description (English)

Warehouse is a small and medium-sized warehouse logistics management system based on spring Boot, which is ayeqifu personal developer. Warehouse has a loophole in its path, which results from an error in the parameter path in document warehousesr and ainjavacomyeqifusyscommonAppFileUtils.java, which could lead to a path attack.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

个人开发者

Published

2026-01-02

Last Modified

2026-02-24

References

https://github.com/5i1encee/Vul/blob/main/Arbitrary%20File%20Read%20Vulnerability%20in%20Project%20yeqifu%20warehouse.md https://github.com/5i1encee/Vul/blob/main/Arbitrary%20File%20Read%20Vulnerability%20in%20Project%20yeqifu%20warehouse.md#poc https://vuldb.com/?ctiid.339385 https://vuldb.com/?id.339385 https://vuldb.com/?submit.729331 https://access.redhat.com/security/cve/cve-2026-0571