CNNVD-202601-752 Information

CNNVD ID

CNNVD-202601-752

Related CVE

CVE-2025-15432

• CNNVD Published: 2026-01-02

Description (Chinese)

carRental是carRental公司的一个租车软件。 carRental存在路径遍历漏洞，该漏洞源于对文件/file/downloadShowFile.action中参数path的错误操作，可能导致路径遍历攻击。

Description (English)

CarRental is a car rental software for CarRental. CarRental has a loophole in its path, which results from a wrong operation of the parameter path in the file/file/downloadShowFile.action, which could lead to a path attack.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

carRental

Published

2026-01-02

Last Modified

2026-02-24

References

https://github.com/yeqifu/carRental/issues/46 https://vuldb.com/?ctiid.339354 https://vuldb.com/?id.339354 https://vuldb.com/?submit.723220 https://access.redhat.com/security/cve/cve-2025-15432