CNNVD-202601-952 Information

Jan 05, 2026 cve

CNNVD ID

CNNVD-202601-952

CVE-2025-15449

CNNVD Published: 2026-01-05

Description (Chinese)

mall是macro个人开发者的一套电商系统，包括前台商城系统及后台管理系统。 mall 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0及之前版本存在路径遍历漏洞，该漏洞源于对文件src/main/java/com/macro/mall/controller/MinioController.java中函数delete的参数objectName的错误操作，可能导致路径遍历。

Description (English)

Mall is a set of electrician systems for Macro’s personal developers, including the front and back office management systems. Malll 994f1e2b019378ec944cdf3fce2d2d5b5f72d28f0 and previous versions have path-crossing loopholes, which are the result of errors in the object name of the function delete in file src/main/java/com/macro/mall/controll/MinioController.java.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

个人开发者

Published

2026-01-05

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.339482 https://vuldb.com/?submit.722000 https://vuldb.com/?id.339482 https://github.com/zyhzheng500-maker/cve/blob/main/JavaMall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4.md https://access.redhat.com/security/cve/cve-2025-15449

Share on: