4 matches found
CVE-2025-14521
The CVE-2025-14521 entry concerns baowzh hfly, where the path traversal vulnerability is triggered by manipulating the filename argument in the API endpoint /admin/index.php/datafile/download. The condition arises from an unknown function within that file, allowing remote exploitation and publicl...
CVE-2025-14520
CVE-2025-14520 affects the baowzh hfly software. Multiple connected sources describe a path traversal vulnerability in the file /admin/index.php/datafile/delfile, triggered by manipulation of the filename parameter. The flaw allows remote exploitation, and an exploit has been made publicly available. The...
CVE-2025-14522
CVE-2025-14522 affects baowzh hfly with an unrestricted file upload via the imgFile parameter in /Public/Kindeditor/php/upload_json.php. The root cause is manipulation of imgFile, enabling remote exploitation; exploitation status and affected versions are not clearly defined in the provided detai...
CVE-2025-14519
CVE-2025-14519 affects baowzh hfly in the version lineage prior to 638ff9abe9078bc977c132b37acbe1900b63491c, specifically the advtext module's /admin/index.php/advtext/add path. The root cause is cross-site scripting (XSS) in the processing of that file, which allows the exploit to be carried out remotely. Publ...