3 matches found
CVE-2025-13265
The CVE-2025-13265 entry describes a path-traversal weakness in lsFusion Platform (up to 6.1) affecting ZipUtils.java (file server path: ZipUtils.java, unpackFile function). The underlying issue is improper handling in unpackFile that allows path traversal, and the vulnerability can be triggered ...
CVE-2025-13262
Summary (CVE-2025-13262): lsFusion Platform up to 6.1 is affected. The vulnerability lies in the UploadFileRequestHandler (file/UploadFileRequestHandler.java), where manipulation of the sid argument can cause path traversal. It is exploitable remotely, and public disclosures of exploits exist. Se...
CVE-2025-13261
CVE-2025-13261 affects lsfusion platform up to 6.1. The vulnerability is in DownloadFileRequestHandler.java (web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java). Manipulation of the Version argument leads to path traversal with remote exploitation possible; exp...