← voltar
CVE-2025-6453

diyhi bbs API ForumManageAction.java add path traversal

CVSS 5.3 MEDIUMEPSS 0.4%CWE-22
A vulnerability classified as critical has been found in diyhi bbs 6.8. Affected is the function Add of the file /src/main/java/cms/web/action/template/ForumManageAction.java of the component API. The manipulation of the argument dirName leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Produtos afetados
diyhi · bbs

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250618-01.mdhttps://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250618-01.md#steps-to-reproducehttps://vuldb.com/?ctiid.313560https://vuldb.com/?id.313560https://vuldb.com/?submit.598862