5 matches found
CVE-2025-14521
A security vulnerability has been detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The affected element is an unknown function of the file /admin/index.php/datafile/download. Such manipulation of the argument filename leads to path traversal. The attack may be performed fro...
CVE-2025-14521 baowzh hfly download path traversal
A security vulnerability has been detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The affected element is an unknown function of the file /admin/index.php/datafile/download. Such manipulation of the argument filename leads to path traversal. The attack may be performed fro...
CVE-2025-14521
The CVE-2025-14521 entry concerns baowzh hfly, where the path traversal vulnerability is triggered by manipulating the filename argument in the API endpoint /admin/index.php/datafile/download. The condition arises from an unknown function within that file, allowing remote exploitation and publicl...
hfly 路径遍历漏洞
hfly is a travel website by the individual developer baowzh. A path traversal vulnerability exists in hfly, which stems from an incorrect manipulation of the parameter filename in the file /admin/index.php/datafile/download, which could lead to a path traversal attack...
PT-2025-50629
Name of the Vulnerable Software and Affected Versions baowzh hfly versions prior to 638ff9abe9078bc977c132b37acbe1900b63491c Description A security issue exists in baowzh hfly that allows for path traversal. This occurs due to manipulation of the filename argument in the...