456 matches found
CVE-2025-59819
This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...
CVE-2025-59819
This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...
CVE-2025-59819 Authenticated Arbitrary File Read via filepath parameter
This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...
CVE-2025-59819
The CVE-2025-59819 entries describe an authenticated arbitrary-file-read vulnerability: an attacker can supply a crafted filepath parameter that is mapped to an internal system path, enabling access to arbitrary files. Multiple sources (NVD, Red Hat, CVE list, AttackerKB, etc.) corroborate the sa...
CVE-2025-59819
This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...
CVE-2025-59819 Authenticated Arbitrary File Read via filepath parameter
This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...
PT-2026-21002
This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...
CVE-2026-2552
A vulnerability was identified in ZenTao up to 21.7.8. Affected by this issue is the function delete of the file editor/control.php of the component Committer. Such manipulation of the argument filePath leads to path traversal. Upgrading to version 21.7.9 can resolve this issue. The affected...
CVE-2026-2552 ZenTao Editor control.php delete path traversal
A vulnerability was identified in ZenTao up to 21.7.8. Affected by this issue is the function delete of the file editor/control.php of the component Committer. Such manipulation of the argument filePath leads to path traversal. Upgrading to version 21.7.9 can resolve this issue. The affected...
CVE-2026-2552
ZenTao up to version 21.7.8 is affected by a path traversal in the delete function of editor/control.php (component Committer). Manipulation of the filePath argument enables traversal. Upgrading to version 21.7.9 resolves the issue; the affected component should be upgraded.
CVE-2026-2111
A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this issue is some unknown functionality of the file /airag/knowledge/doc/edit of the component Retrieval-Augmented Generation Module. Executing a manipulation of the argument filePath can lead to path traversal. The attack can ...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via the filePath argument in the /airag/knowledge/doc/edit component. An attacker can access sensitive files outside the intended directory by supplying crafted input remotely. Details: A Directory Traversal attack al...
EUVD-2026-5716
A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this issue is some unknown functionality of the file /airag/knowledge/doc/edit of the component Retrieval-Augmented Generation Module. Executing a manipulation of the argument filePath can lead to path traversal. The attack can ...
CVE-2026-2111 JeecgBoot Retrieval-Augmented Generation edit path traversal
A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this issue is some unknown functionality of the file /airag/knowledge/doc/edit of the component Retrieval-Augmented Generation Module. Executing a manipulation of the argument filePath can lead to path traversal. The attack can ...
PT-2026-6919
Name of the Vulnerable Software and Affected Versions: JeecgBoot versions prior to 3.9.0. Description: A path traversal weakness exists in JeecgBoot. This issue affects some unknown functionality of the file /airag/knowledge/doc/edit within the Retrieval-Augmented Generation Module. Manipulation of...
JeecgBoot Path Traversal Vulnerability
JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.0 and earlier contained a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the parameter “filePath” in the Component...
CVE-2020-37117
jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and downloadurl parameters to trigger...
CVE-2020-37117 jizhiCMS 1.6.7 - Arbitrary File Download
jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and downloadurl parameters to trigger...
EUVD-2020-31049
jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and downloadurl parameters to trigger...
CVE-2020-37034
HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive configuration and system file...