← back
CVE-2025-6453

diyhi bbs API ForumManageAction.java add path traversal

CVSS 5.3 MEDIUMEPSS 0.4%CWE-22
A vulnerability classified as critical has been found in diyhi bbs 6.8. Affected is the function Add of the file /src/main/java/cms/web/action/template/ForumManageAction.java of the component API. The manipulation of the argument dirName leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Affected products
diyhi · bbs

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250618-01.mdhttps://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250618-01.md#steps-to-reproducehttps://vuldb.com/?ctiid.313560https://vuldb.com/?id.313560https://vuldb.com/?submit.598862