CNNVD-202601-5005 Information

CNNVD ID

CNNVD-202601-5005

Related CVE

CVE-2020-37034

• CNNVD Published: 2026-01-30

Description (Chinese)

Hello Web是Hello Web公司的一个自助式网站建设工具。 Hello Web 2.0版本存在路径遍历漏洞，该漏洞源于download.asp页面中的filepath和filename参数处理不当，可能导致任意文件下载。

Description (English)

Hello Web is a self-help website construction tool for Hello Web. Hello Web 2.0 has a loophole in the path, which stems from the mishandling of the filipath and filename parameters on the download.asp page, which may lead to any download.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

Hello Web

Published

2026-01-30

Last Modified

2026-02-24

References

https://helloweb.co.kr/ https://web.archive.org/web/20190109182037/ https://www.exploit-db.com/exploits/48659 https://www.vulncheck.com/advisories/helloweb-arbitrary-file-download