CVE-2026-4201

A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This vulnerability affects the function Upload of the file business/business-system/src/main/java/com/glowxq/system/admin/controller/SysFileController.java. Executing a manipulation can lead to...

CVE-2026-4201

A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This vulnerability affects the function Upload of the file business/business-system/src/main/java/com/glowxq/system/admin/controller/SysFileController.java. Executing a manipulation can lead to...

CVE-2026-4201 glowxq glowxq-oj SysFileController.java upload unrestricted upload

A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This vulnerability affects the function Upload of the file business/business-system/src/main/java/com/glowxq/system/admin/controller/SysFileController.java. Executing a manipulation can lead to...

CVE-2026-4201 glowxq glowxq-oj SysFileController.java upload unrestricted upload

A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This vulnerability affects the function Upload of the file business/business-system/src/main/java/com/glowxq/system/admin/controller/SysFileController.java. Executing a manipulation can lead to...

CVE-2026-4201

CVE-2026-4201 identifies a weakness in glowxq glowxq-oj up to commit 6f7c723090472057252040fd2bbbdaa1b5ed2393. The vulnerability affects the Upload function in business/business-system/src/main/java/com/glowxq/system/admin/controller/SysFileController.java, where manipulation can lead to unrestri...

CVE-2026-2665

A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. Performing a manipulation of the argument File results in unrestricted upload. The attack can be...

CVE-2026-2665 huanzi-qch base-admin JSP Parser SysFileController.java upload unrestricted upload

A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. Performing a manipulation of the argument File results in unrestricted upload. The attack can be...

EUVD-2025-1826

Malicious code in bioql PyPI...

CVE-2025-7487 JoeyBling SpringBoot_MyBatisPlus upload SysFileController unrestricted upload

A vulnerability, which was classified as critical, was found in JoeyBling SpringBootMyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26. This affects the function SysFileController of the file /file/upload. The manipulation of the argument portraitFile leads to unrestricted upload. It is...

CVE-2025-7487

The CVE-2025-7487 entry concerns JoeyBling SpringBoot_MyBatisPlus, specifically the SysFileController in /file/upload. The vulnerability arises from improper handling of the portraitFile argument, enabling unrestricted file uploads and remote exploitation. Public disclosures exist, but the exact ...

CVE-2025-7487 JoeyBling SpringBoot_MyBatisPlus upload SysFileController unrestricted upload

A vulnerability, which was classified as critical, was found in JoeyBling SpringBootMyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26. This affects the function SysFileController of the file /file/upload. The manipulation of the argument portraitFile leads to unrestricted upload. It is...

CVE-2025-0703

CVE-2025-0703 affects JoeyBling bootplus; path traversal is triggered by manipulating the name argument in SysFileController.java. The issue can be exploited remotely and the exploit has been disclosed publicly. The product reportedly does not use versioning, so public details about affected vs. ...

CVE-2025-0703 JoeyBling bootplus SysFileController.java path traversal

A vulnerability, which was classified as problematic, has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This issue affects some unknown processing of the file src/main/java/io/github/controller/SysFileController.java. The manipulation of the argument name leads ...

CVE-2025-0702

A vulnerability classified as critical was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This vulnerability affects unknown code of the file src/main/java/io/github/controller/SysFileController.java. The manipulation of the argument portraitFile leads to unrestricted...

CVE-2025-0702

CVE-2025-0702 affects JoeyBling bootplus, with the issue located in the SysFileController.java handling the portraitFile parameter. The vulnerability enables unrestricted file uploads due to the manipulation of portraitFile and can be exploited remotely; the exploit has been disclosed publicly. N...

CVE-2025-0702 JoeyBling bootplus SysFileController.java unrestricted upload

A vulnerability classified as critical was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This vulnerability affects unknown code of the file src/main/java/io/github/controller/SysFileController.java. The manipulation of the argument portraitFile leads to unrestricted...

PT-2025-4012 · Joeybling · Bootplus

Name of the Vulnerable Software and Affected Versions: JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d Description: A problematic issue has been found in JoeyBling bootplus, affecting the processing of the file src/main/java/io/github/controller/SysFileController.java. The...

bootplus 代码问题漏洞

bootplus is a permission management framework by JoeyBling Personal Developer. A code issue vulnerability exists in bootplus, which stems from the parameter PortraitFile in the file src/main/java/io/github/controller/SysFileController.java that can lead to unrestricted uploads...

PT-2025-4011 · Unknown · Joeybling Bootplus

Name of the Vulnerable Software and Affected Versions: JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d Description: A critical vulnerability was found in JoeyBling bootplus, allowing for unrestricted file upload. The issue is related to the manipulation of the portraitFile...