CNNVD-202601-2944 Information

Jan 17, 2026 cve

CNNVD ID

CNNVD-202601-2944

CVE-2026-1061

CNNVD Published: 2026-01-17

Description (Chinese)

TMS是weicheng个人开发者的一个基于频道模式的团队沟通协作 + 轻量级任务看板。 TMS 2.28.0及之前版本存在代码问题漏洞，该漏洞源于对文件src/main/java/com/lhjz/portal/controller/FileController.java中函数Upload的参数filename的错误操作，可能导致不受限制的上传。

Description (English)

TMS is a channel-based team communication collaboration of the Weicheng personal developer + lightweight task board. TMS 2.28.0 and previous versions have a code problem loophole, which stems from an error in the use of the parameter file " filename " for the function " " in src/main/java/com/lhjz/portal/controller/FileController.java, which may lead to unrestricted upload.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

个人开发者

Published

2026-01-17

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.341629 https://vuldb.com/?submit.731240 https://vuldb.com/?id.341629 https://github.com/bkglfpp/CVE-md/blob/main/%E5%95%86%E6%88%B7%E5%95%86%E5%9F%8E%E2%80%94%E5%95%86%E5%9F%8E%E5%BC%80%E5%8F%91tms/%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md https://access.redhat.com/security/cve/cve-2026-1061

Share on: