Lucene search
K

4 matches found

Snyk
Snyk
added 2025/08/25 4:43 p.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the DownloadTmp function in CommonController.go when handling the fileName argument. An attacker can access arbitrary files on the server by supplying crafted input remotely. Details A Directory Traversal attack...

6.5CVSS7.7AI score0.00693EPSS
Exploits0References2
OSV
OSV
added 2025/08/25 4:15 p.m.4 views

CVE-2025-9409

A security flaw has been discovered in lostvip-com ruoyi-go up to 2.1. Impacted is the function DownloadTmp/DownloadUpload of the file modules/system/controller/CommonController.go. Performing manipulation of the argument fileName results in path traversal. It is possible to initiate the attack...

6.5CVSS6.7AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/08/25 12:0 a.m.5 views

PT-2025-34680 · Lostvip Com · Ruoyi-Go

Name of the Vulnerable Software and Affected Versions: lostvip-com ruoyi-go versions prior to 2.1 Description: A security flaw exists in the DownloadTmp/DownloadUpload function within the modules/system/controller/CommonController.go file. Manipulation of the fileName argument can lead to a path...

5.3CVSS4.5AI score0.00693EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/08/25 12:0 a.m.5 views

ruoyi-go 路径遍历漏洞

ruoyi-go is a backend management system for individual developers at lostvip.com. A path traversal vulnerability exists in ruoyi-go 2.1 and earlier versions, which stems from the improper handling of the fileName parameter in the DownloadTmp/DownloadUpload function in the file...

6.5CVSS4.8AI score0.00693EPSS
Exploits0References7
Rows per page
Query Builder