CNNVD-202602-332 Information

CNNVD ID

CNNVD-202602-332

Related CVE

CVE-2025-70841

• CNNVD Published: 2026-02-03

Description (Chinese)

Dokans是AMCoders开源的一个电商平台。 Dokans 3.9.2版本存在安全漏洞，该漏洞源于直接请求/script/.env文件可能导致敏感应用程序配置数据泄露，从而引发完全系统破解，包括通过会话令牌伪造绕过身份验证、直接访问所有租户数据库以及接管电子邮件基础设施。

Description (English)

Dokans is an AMCoders open-source electrical platform. There is a security loophole in Dokans version 3.9.2, which stems from direct requests/script/.env documents that could lead to the release of data on sensitive applications configurations, which could trigger a complete system breakdown, including the circumvention of identification through the falsification of message signs, direct access to all tenant databases and the taking over of the e-mail infrastructure.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

AMCoders

Published

2026-02-03

Last Modified

2026-02-24

References

https://codecanyon.net/item/dokans-multitenancy-based-ecommerce-platform-saas/31122915